Files
talk/docs/source/integrating/version-5-auth.md
T
immber 4d41d999fb CORL-753 | DOCs Updates (#2776)
* added storyURL and storyID

* added story scraping section

* fixed typo on sso

* rebaseing on latest release/4 branch

* updated version on slack docs

* added Contributing a Translation section to developing

* fixing typos

* updated v5 config page, reorder list, add toc

* added cli sect, fixed contact menu link

* updated talk to coral on contact page

* added a new v5 auth section

* added session length to auth docs

* added an admin settings page to v5

* added v5 css section

* added a v5 notifications section

* updated faq and troubleshooting, moved out of v4 menu

* added migrating to v5 and moved migrating section out of v4

* added plugins note to migration pg

* fix: linting and extra HTML

* change sidebar migrating v5 to v5.0+

Co-Authored-By: Wyatt Johnson <wyattjoh@gmail.com>

* downtime being likely is too optimistic, it will be required

Co-Authored-By: Wyatt Johnson <wyattjoh@gmail.com>

* rewords plugins note on migrating to v5

Co-Authored-By: Wyatt Johnson <wyattjoh@gmail.com>

* tag code block as html

Co-Authored-By: Wyatt Johnson <wyattjoh@gmail.com>

* added link to contributing

* rephrased openid connect description

* fixed link to contributing

* correcting descriptions of email auth behavior

Co-Authored-By: Wyatt Johnson <wyattjoh@gmail.com>

* Adding link to css classnames

Co-Authored-By: Wyatt Johnson <wyattjoh@gmail.com>

* renamed new auth to Social and Email Authentication

* pulled extra line breaks

Co-authored-by: Wyatt Johnson <accounts+github@wyattjoh.ca>
2020-01-08 21:25:58 +00:00

3.1 KiB

title, permalink
title permalink
Social and Email Authentication /v5/integration/auth/

Authentication Strategies

There are several strategies to choose from when it comes to user authentication. Login methods can be enabled or disabled for both the Coral Admin and the Comment Stream separately thus allowing you to use different methods for different user groups.

You can also use "Allow Registration" to restrict or allow users that have not signed up before to register and create new user accounts.

To configure authentication for your instance of Coral, go to Configure > Authentication.

Login with email authentication

Best when you want Coral to manage all user registration, creation and authentication. Requires the least amount of setup and configuration. Users register by creating a Username (must be unique across users, no spaces or special chars), Email, and Password. All user details are stored in Coral's database.

By Default - users are sent a verification email and are prompted to verify email addresss, however completing the email verification step is not required to submit comments.

Login with OpenID Connect

Allows integration with your existing OpenID Connect authentication provider. When enabled this strategy adds a "Login with ___", button to Coral's login modal with the value you've specified for Provider Name.

With OpenID Connect authentication is handled by passing an access token parameter to the comment stream embed when placing the call to render it. To learn more please visit: https://openid.net/connect/

Login with Single Sign On

When you want users to authenticate via your existing identity system, and be automatically registered/logged into Coral. Users register, login, and manage their user details on your existing site, your user database maintains the source of truth for all user information. Users are created and updated in Coral via jwt tokens passed from your auth service to Coral.

Requires advanced configuration, please see: Single Sign On

Login with Google & Facebook

Allows users to use existing social media account to sign in. Requires you to setup API keys with social sign on provider, and configure your API keys in Coral.

Users register and login via a “Sign in with ….”, and are not required to set a password if Email based authentication is not enabled. Users with social accounts are prompted to associate an email address with their social profile to enable notifications.

Commenter Account Management Features

Optional features you can enable or disable to allows users to:

  • change their usernames (once every 14 days)
  • download their comments
  • delete their account details.

Session settings

Determines length of user sessions when not using SSO or when exp claim is not provided on jwt. Default: 90 Days.

Username Restrictions

Coral usernames are subject to the following validations:

  • USERNAME_REGEX = (/^[a-zA-Z0-9_.]+$/)
  • USERNAME_MAX_LENGTH = 30
  • USERNAME_MIN_LENGTH = 3

NOTE: SSO users are not subject to username restricitons