User login
Bobuild lets you protect your app, or parts of it, with user logins. The mechanism is very flexible and can be adapted to any need.
The basic idea is that users are just normal records of an object that you decide to use for authentication.
Several authentication methods are available:
- E-mail + password
- E-mail + magic link sent via e-mail
- Login with Google
- Login with Microsoft/Office365
- Login with SPID
- Login with CIE (Italian Electronic Identity Card)
Login can be enabled for each top-level page (we also call them portals), which means that you can have different authentication methods for different parts of your app.
In this example, the app contains three portals:
- a backoffice portal, which is protected by a login based on the operator object
- a customer portal, which is protected by a login based on the customer object and also allows self-service registration
- a public section, which is not protected by any login
How to set up login
Open the top-level page you want to protect. You'll notice a "Public" badge in the top bar, which means that the page and its sub-pages are currently not protected by any login:
Clicking on it will bring you to the login settings:
Here you can choose the object to use for user authentication. If the object you intend to use is not listed in the dropdown, make sure it has an e-mail field and a password field.
After selecting an object, the e-mail + password login will be enabled and you can proceed to refine its configuration if needed.
Setting roles and authorizations
The login mechanism is very flexible and allows you to restrict which users can access which pages. For instance, you might only allow customers to access your portal if they are marked as "active", or you might want to allow only certain employees to access a specific area of your backoffice.
In order to do this, you can set rules like this:
Another way to use rules is to create a "roles" field in your user object, whose type is "Multiple Choice". This way you can attach multiple tags to each user representing their authorizations, and use them in the login rules like this:
Self-service registration and password reset
If you want to let your users create their own accounts, you can enable self-service registration. This will add a "Register" button to the login page, linked to a specific sub-page that you can freely customize by adding a form widget that collects the user's data and creates a new record in the user object.
Here are some good ideas to consider when enabling self-service registration:
- Consider sending an e-mail confirmation to the user after registration. This is easily done by configuring a "Send e-mail" task in the registration form.
- Consider enabling password reset using the built-in functionality, so that users can recover their password if they forget it.
- If you want to review and approve new users before they can access the app, create a boolean field named "Active" in your user object (or, alternatively, in case you want to handle multiple statuses, a choice field named "User Status"), and leave it at its default value when users register. Then, in your backoffice portal, create a grid widget to list all users needing approval. Finally, configure the login rules to allow access only to users with "Active" set to true, as described above.
Redirecting users after login
In the "Follow-up" section of the login widget configuration you can define rules in order to redirect users to another page after login. For instance, you might want to check if the user accepted your Terms of Service or updated their details and point them to the relevant pages instead of having them redirected to the main page.
Login methods
E-mail + password
This is the most classic authentication method. In order to enable this, you need to make sure your user object has an e-mail and a password field. Make sure the e-mail field is marked as unique.
Magic link
With this authentication method, users will be presented with a single input box asking for their e-mail address. If the provided address is present in the object you chose as the user object, a message containing a short-lived link will be sent to that address. By clicking that link, the user will be automatically logged into your reserved area.
This method is convenient in many situations, and it is not less secure than using an e-mail/password combination: its security rests on the fact that only the legitimate user can access their mailbox.
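The short-lived link described above, as an added example that is not Bobuild's own code: the token is random, stored only as a hash, expires, and works once. The 15-minute lifetime, the `app.example` URL and the in-memory store are assumptions.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60   # assumed lifetime; the page only says "short-lived"
_pending = {}                 # sha256(token) -> (email, expires_at); stands in for a DB table


def _digest(token):
    # Only the hash is stored, so a leaked table does not yield usable links.
    return hashlib.sha256(token.encode()).hexdigest()


def issue_magic_link(email, user_emails, now=None):
    """Return a one-time login URL for a known e-mail, or None for an unknown one."""
    now = time.time() if now is None else now
    email = email.strip().lower()
    if email not in user_emails:
        # Assumption: the caller shows the same "check your inbox" message
        # either way, so the form does not reveal which addresses exist.
        return None
    token = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG
    _pending[_digest(token)] = (email, now + TOKEN_TTL_SECONDS)
    return "https://app.example/login/magic?token=" + token   # hypothetical URL


def redeem_magic_link(token, now=None):
    """Return the e-mail to log in, or None if the token is unknown, used or expired."""
    now = time.time() if now is None else now
    entry = _pending.pop(_digest(token), None)   # pop makes the link single-use
    if entry is None:
        return None
    email, expires_at = entry
    return email if now <= expires_at else None
```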
Google
A very convenient way to authenticate your users is to use the Login with Google button. This allows users to log in to your app using their Google account, without having to remember yet another password. This is convenient not only for external users but also for your internal users, as you'll rely on the security of Google credentials, including Two-Factor Authentication.
In order to configure the Google login, you'll need to tell Bobuild how the Google user data relates to your user object fields. This is needed for multiple reasons:
- to find the user in your app if already present (Google user ID and/or e-mail address will be used as search criteria)
- to create a new user if not present yet (Google user ID, e-mail address and name will be used to populate the new record)
It is usually enough to map the e-mail field, which will identify the user uniquely. Google user ID and name are optional; if you don't map them, they will be ignored.
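The find-or-create mapping described above, as an added example that is not Bobuild's own code. It assumes the claims come from an ID token whose signature was already verified, uses Google's `sub` claim as the Google user ID, and accepts the e-mail as a search key only when `email_verified` is true; the field names and the `mapping` dictionary are hypothetical.

```python
class LoginRefused(Exception):
    """Raised when the Google identity must not be bound to any record."""


def resolve_google_user(claims, users, mapping):
    """Return (record, created) for verified Google ID-token claims.

    users   -- list of dict records (stands in for the user object)
    mapping -- {"email": field, "google_id": field or None, "name": field or None}
    """
    email_field = mapping["email"]
    id_field = mapping.get("google_id")    # optional mapping
    name_field = mapping.get("name")       # optional mapping
    sub = claims["sub"]
    email = (claims.get("email") or "").strip().lower()

    # 1. The stable Google user ID wins whenever it is mapped.
    if id_field:
        for rec in users:
            if rec.get(id_field) == sub:
                return rec, False

    # 2. E-mail selects or creates a user only if Google marks it verified.
    if not email or claims.get("email_verified") is not True:
        raise LoginRefused("unverified e-mail cannot select or create a user")
    for rec in users:
        if (rec.get(email_field) or "").lower() == email:
            if id_field:
                if rec.get(id_field) not in (None, "", sub):
                    raise LoginRefused("record is linked to another Google ID")
                rec[id_field] = sub        # link on first Google login
            return rec, False

    # 3. Not present yet: populate mapped fields only; unmapped ones are ignored.
    rec = {email_field: email}
    if id_field:
        rec[id_field] = sub
    if name_field:
        rec[name_field] = claims.get("name", "")
    users.append(rec)
    return rec, True
```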
Microsoft/Office365
Similarly to the Google integration, Bobuild supports using your Microsoft accounts to log in. You'll just need to make sure your user object has an e-mail field, as it will be used to check that the identity returned by Microsoft can access your application.
SPID/CIE
Bobuild is compatible with the Italian public digital identities, using the metadata and certificate provided by the customer in order to provide a seamless login experience. If you need to enable the SPID and CIE login methods, please contact us.
Other login mechanisms
If you have other needs, please contact us as we have a development roadmap that may fit your needs.