Login with self-service
The ForgeRock Identity Platform login flow is set up to use self-service, as in the sample Login journey. This journey lets end users log in using their ForgeRock Identity Platform credentials and increment a login counter. End users are then sent through a separate progressive profile journey. The login journey can be expanded to include other features, such as support for identity providers. For more details, refer to Social authentication.
The following nodes are associated with login journeys:
- Platform Username node
  The Platform Username node is used in both login and registration journeys. It collects the username of the end user.
- Platform Password node
  The Platform Password node is used in both login and registration journeys. It collects the password of the end user.
- Data Store Decision node
  The Data Store Decision node takes a username and password and validates that they match an existing user in the configured data store (in this case, an IDM managed user).
Configure social identity providers
To include social identity providers as a method of authentication, configure the Social Identity Provider Service in AM to include either some form of social registration or social account claiming. For more information, refer to Social authentication. Once this is set up, add social identity provider support to your login journey.
- To get started with social logins, you can create a new journey, modify the existing login journey, or duplicate the login journey and modify that.
  This example uses the following nodes:
- Connect the starting node to the Page node.
- Connect the Social Authentication output on the Page node to the Social Provider Handler node.
- On the Social Provider Handler node, connect the Account Exists output to the Increment Login Count node. Connect the No Account Exists output to the Failure node.
- On the Page node, connect the Local Authentication node to the Data Store Decision node.
- On the Data Store Decision node, connect the True output to the Increment Login Count node. Connect the False output to the Failure node.
- Connect the Increment Login Count node to the Inner Tree Evaluator node.
- The Inner Tree Evaluator node points to another journey, letting you chain multiple journeys together.
  By default, this is set to point to the ProgressiveProfile journey. For more information about progressive profiles, refer to Progressive profile.
- Connect the Inner Tree Evaluator node to the Success node.
The resulting login journey will look something like this:
Example login REST output
When calling a login self-service endpoint, you will receive a JSON object back, containing callbacks for each of the nodes included in the login journey.
Sample JSON callbacks
{
  "authId": "<omitted for length>",
  "callbacks": [
    {
      "type": "ValidatedCreateUsernameCallback",
      "output": [
        {
          "name": "policies",
          "value": {}
        },
        {
          "name": "failedPolicies",
          "value": []
        },
        {
          "name": "validateOnly",
          "value": false
        },
        {
          "name": "prompt",
          "value": "Username"
        }
      ],
      "input": [
        {
          "name": "IDToken1",
          "value": ""
        },
        {
          "name": "IDToken1validateOnly",
          "value": false
        }
      ],
      "_id": 0
    },
    {
      "type": "ValidatedCreatePasswordCallback",
      "output": [
        {
          "name": "echoOn",
          "value": false
        },
        {
          "name": "policies",
          "value": {}
        },
        {
          "name": "failedPolicies",
          "value": []
        },
        {
          "name": "validateOnly",
          "value": false
        },
        {
          "name": "prompt",
          "value": "Password"
        }
      ],
      "input": [
        {
          "name": "IDToken2",
          "value": ""
        },
        {
          "name": "IDToken2validateOnly",
          "value": false
        }
      ],
      "_id": 1
    }
  ],
  "header": "Sign In",
  "description": "New here? <a href=\"#/service/Registration\">Create an account</a><br><a href=\"#/service/ForgottenUsername\">Forgot username?</a> <a href=\"#/service/ResetPassword\">Forgot password?</a>"
}
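One way a client can answer the callbacks shown above, as an added example that is not ForgeRock code: it fills each input by callback type instead of list position and refuses anything it does not recognize. The function name, the credential values, the assumption that the filled-in object is what the client sends back, and the choice to stop on a non-empty failedPolicies list are all assumptions of this example.

```python
import copy

# Callback types seen in the sample response -> the credential each collects.
FIELD_FOR_TYPE = {
    "ValidatedCreateUsernameCallback": "username",
    "ValidatedCreatePasswordCallback": "password",
}

def _output(callback, name):
    """Return the value of a named entry in a callback's output list."""
    return next((o["value"] for o in callback["output"] if o["name"] == name), None)

def fill_login_callbacks(response, credentials):
    """Return the reply body: the received object with its input values filled in."""
    reply = copy.deepcopy(response)  # keep authId and structure; don't mutate the original
    for cb in reply["callbacks"]:
        field = FIELD_FOR_TYPE.get(cb["type"])  # match by type, not list position
        if field is None:
            raise ValueError(f"unexpected callback type: {cb['type']}")  # fail closed
        if _output(cb, "failedPolicies"):
            raise ValueError(f"server reported failed policies for {field}")
        for item in cb["input"]:
            if item["name"].endswith("validateOnly"):
                item["value"] = False  # a real submission, not a validation-only pass
            else:
                item["value"] = credentials[field]
    return reply

# Constructed sample input: the response above with the empty "policies" entries trimmed.
SAMPLE = {
    "authId": "<omitted for length>",
    "callbacks": [
        {"type": "ValidatedCreateUsernameCallback", "_id": 0,
         "output": [{"name": "failedPolicies", "value": []},
                    {"name": "prompt", "value": "Username"}],
         "input": [{"name": "IDToken1", "value": ""},
                   {"name": "IDToken1validateOnly", "value": False}]},
        {"type": "ValidatedCreatePasswordCallback", "_id": 1,
         "output": [{"name": "echoOn", "value": False},
                    {"name": "failedPolicies", "value": []}],
         "input": [{"name": "IDToken2", "value": ""},
                   {"name": "IDToken2validateOnly", "value": False}]},
    ],
}

if __name__ == "__main__":
    creds = {"username": "demo.user", "password": "constructed-pw"}  # constructed values
    for cb in fill_login_callbacks(SAMPLE, creds)["callbacks"]:
        print(cb["type"], [i["name"] for i in cb["input"]])
```

Matching on the callback type means a journey that gains or reorders nodes causes an explicit error in the client instead of a password being placed into the wrong input.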