Auth, Login, Signup and Signin flow

The auth flow is used for login and signup. It has 4 different initiation urls, and contains several steps based on client configuration. You can initiate the flow by either using path

  • /flow/login, to render a login view
  • /flow/signup, to render a signup view
  • /flow/auth, to render the either signup or login, based on if we recognize the user or not (recommended)
  • /flow/signin, to render a signin view and let the user login without credentials

URL Path: /flow/auth, /flow/login, /flow/signup, /flow/signin,

How it works

The login flow can be just one step, or it can be more. It depends on the current state of the user, and client configuration.

  • Step 1: Login or Signup
  • Step 2: Verify step, only shown if user is unverified
  • Step 3: Two factor authentication, only shown if client configuration require it
  • Step 4: Accept agreement, only shown if user has not accepted the latest agreement
  • Connect to client, an invisible step where user gets connected to client
  • Step 5: Required fields step, only shown if client require fields user have not filled
  • Step 6: Verify phone step, only shown if client configuration require it
  • Step 7: Notifications step, not currently in use

Flow is initiated by path /flow/auth, /flow/login or /flow/signup and require query parameters client_id, redirect_uri and response_type. Optional query parameters include, among others, cancel_redirect_uri.

Signin flow

Sign-in flow is a slight exception. It lets user to log in without providing his/hers credentials by using an unique, one at a time, valid for 5 minutes token.

  • Step 1: Signin view with e-mail input OR correct API endpoint
  • Step 2: Receiving e-mail
  • Optional step: Error page if link is expired or invalid
  • Step 3: Accept agreement, only shown if user has not accepted the latest agreement
  • Connect to client, an invisible step where user gets connected to client
  • Step 4: Required fields step, only shown if client require fields user have not filled
  • Step 5: Verify phone step, only shown if client configuration requires it

How it looks

Client teaser and Custom CSS is applied to all of the steps. See Flows for more info.

Flows

Help us improve

Did you spot an error? Or maybe you just have a suggestion for how we can improve? Leave a comment, or better yet, send us a pull request on GitHub to fix it (in-browser editing, only takes a moment).

History of this page

Comments/feedback

Do you have questions, or just want to contribute some newly gained insight? Want to share an example? Please leave a comment. SPiD reads and responds to every question. Additionally, your experience can help others using SPiD, and it can help us continuously improve our documentation.