The Login and Logout actions can be used to log users in and out.
Login
The Login action requests the OpenID provider's authorization URL from the Lowdefy server. The user is redirected to this URL, which normally hosts a login page. If the user is already logged in at the provider, the provider might redirect the user back without requiring a password again.
After the user has logged in successfully, the user is redirected to the auth/openid-callback route in the Lowdefy app, where the rest of the OpenID authorization code flow is completed.
The parameters of the Login action specify where the user is redirected after login is complete. If the pageId is not set, the user is redirected to the homepage. The parameters are:
authUrlQueryParams: object: Query parameters to set for the authorization URL.pageId: string: The pageId of the page to redirect to after the login flow is completeinput: object: The input to set for the page the user is redirected to after login.urlQuery: object: The urlQuery to set for the page the user is redirected to after login.
The Login action can be used to update the user object, for example to update the user profile after it has been edited, or to make sure the user token is still valid before editing or creating a record in a database.
Examples
A login page that redirects users in the onEnter event:
id: login
type: Context
events:
onEnter:
# Redirect to "page1" if user is already logged in.
- id: logged_in_redirect
type: Link
skip:
_eq:
- _user: sub
- null
params: page1
# Call the Login action to log the user in.
- id: login
type: Login
skip:
_ne:
- _user: sub
- null
params:
# Redirect to "page1" after login is complete.
pageId: page1A set of login and logout buttons:
id: login_logout
type: Box
blocks:
- id: Login
type: Button
visible:
_eq:
- _user: sub
- null
events:
onClick:
- id: login
type: Login
- id: Logout
type: Button
visible:
_ne:
- _user: sub
- null
events:
onClick:
- id: logout
type: LogoutA signup button that uses authUrlQueryParams to request the signup screen:
id: Signup
type: Button
events:
onClick:
- id: login
type: Login
params:
authUrlQueryParams:
screen_hint: signupLogout
When the Logout action is called, the user data and authorization cookie are cleared by the app. The Logout action does not take any parameters. The user is then redirected to the URL configured in logoutRedirectUri, or the app homepage if this is not configured.
Some OpenID Connect providers provide a URL that the user can be directed to to logout the user from the the provider. These urls normally have a query parameter that specifies where the provider should redirect the user after they have logged out the user. These redirect URLs are normally configured with the provider.
The logoutRedirectUri can be a Nunjucks template string, with the following template variables:
client_id: The OpenID Connect client ID inLOWDEFY_SECRET_OPENID_CLIENT_IDhost: The app host URL. This url includes the URL prefix (https://orhttp://if running a development server), and is URI encoded. It is intended to be used as a query parameter.id_token_hint: The user idToken.openid_domain: The OpenID Connect client ID inLOWDEFY_SECRET_OPENID_DOMAIN.
Examples
Redirect to the logged-out page in the app after logout:
config:
auth:
openId:
logoutRedirectUri: '/logged-out'Redirect to the Auth0 logout URL and return to the logged-out page in the app after logout:
lowdefy: 3.17.2
config:
auth:
openId:
# Line breaks added for clarity
logoutRedirectUri: "{{ openid_domain }}/v2/logout?\
returnTo={{ host }}/logged-out&\
client_id={{ client_id }}"Redirect to the Keycloak logout URL and return to the logged-out page in the app after logout:
lowdefy: 3.17.2
config:
auth:
openId:
# Line breaks added for clarity
logoutRedirectUri: "{{ openid_domain }}/protocol/openid-connect/logout?\
post_logout_redirect_uri={{ host }}/logged-out&\
client_id={{ client_id }}&\
id_token_hint={{ id_token_hint }}"