Web Widgets
Web Widgets are embeddable UI elements for common user management interactions including register, sign in, user settings and account recovery. The widgets are configurable to your needs.
Widgets are embedded elements that use iframes. Your app is required to add
frame-src exception in content security policy if the domain of Authcore is not on the same origin domain.The packages will be published to npm when v1.0 is released
Install via npm:
$ npm install authcore-js
Install via yarn:
$ yarn add authcore-js
<!-- Element for the widget to be injected -->
<div id="authcore-register-container"></div>
<script>
let privateStore = {};
// Instantiate Register widget
new AuthCoreWidgets.Login({
container: 'authcore-register-container', // Id of the HTML element for the widget
root: 'https://authcore.example.com/widgets', // Authcore is hosted on the sub-domain of example.com,
initialScreen: 'register', // Set initial screen to register
logo: 'default', // Default to show Authcore logo
company: 'Authcore',
successRedirectUrl: 'https://application.example.com',
analyticsHook: (type, data) => {
// type is a string describing the event. It is contained in the event list. All Authcore events are typed with prefix `Authcore_`.
// data is a object which is the associated data of an event. By default, if no data is associated, it will be a empty object `{}`.
// code for analytics
}
});
</script>
<!-- Element for the widget to be injected -->
<div id="authcore-profile-container"></div>
<script>
// Instantiate Profile widget
new AuthCoreWidgets.Profile({
container: 'authcore-profile-container', // Id of the HTML element for the widget
root: 'https://authcore.example.com/widgets', // Authcore is hosted on the sub-domain of example.com
accessToken: 'ACCESS_TOKEN_TO_BE_PROVIDED',
callbacks: {
// Handle the unauthenticated case returns from the widget
unauthenticated: () => {};
}
});
</script>
Parameter | Type | Description |
container | REQUIRED, string | The id of the HTML element where the widget will be rendered. |
root | OPTIONAL, string | The domain where the Authcore widgets hosts, if it is not set it will refer to the window origin location with /widgets. |
logo | OPTIONAL, string | The logo shown in the widget. If no value is passed this section is hidden. Should be in absolute path format, also accept value "default" to serve as showcase of the widget style for Login widget. |
company | OPTIONAL, string | The company name shown in the widget. If no value is passed this section is hidden. |
accessToken | REQUIRED except for Login or RefreshTokenwidget, string | The access token for API request requires authentication. This is done by using authorization code returned with successRedirectUrlfrom Login widget to get access token from create access token API. |
primaryColour | OPTIONAL, string | The primary colour of the widget. Primary colour mainly consists of general button colour, link colour and border colour when the field box is in focus. Allow colour code, RGB colour value or named colour. |
successColour | OPTIONAL, string | The success colour of the widget. Success colour mainly consists of verified message and icon. Allow colour code, RGB colour value or named colour. |
dangerColour | OPTIONAL, string | The danger colour of the widget. Danger colour mainly consists of error message, button colour for destructive action (e.g. Remove contact) and invalid field box border. Allow colour code, RGB colour value or named colour. |
requireUsername | OPTIONAL, boolean | The flag whether username is included in registration and sign in. |
language | OPTIONAL, string | Widget language when it is loaded, default to be English when it is not set or the value is invalid or unavailable. |
onSuccess | OPTIONAL, function | Callback hook after the certain action from widgets is success. Return the result including action as key in object format, use destructing assignment to get the data required. |
onLoaded | OPTIONAL, function | Callback after the widgets is loaded and mounted to the site. |
analyticsHook | OPTIONAL, function | Hooks for analytics to recieve events. Two parameters describing the event are given for the hook, including type and data. |
unauthenticated | OPTIONAL, function | Callback when the widget returns unauthenticated error. |
Action list for
onSuccess callback:Success callback is now DEPRECATED, use successRedirectUrl for registration or sign in flow.
These widgets provides a simple UI widget for authenticating or registering users.
For register page, the field with
Email or mobile label refer as contact field. For sign in page, the input field refer as handle field.Parameter | Type | Description |
successRedirectUrl | REQUIRED, string | The URL to be redirected with authorization code when registration or sign in flow is success. |
contact | OPTIONAL, string | The pre-fill contact(Register screen) or handle field value for Signin widget. |
fixedContact | OPTIONAL, boolean | The flag indicates contact(Register screen) or handle field is fixed or not. If it is set to be fixed value should be provided on contact param, otherwise error will be throwed as it is impossible for user to sign in. |
initialScreen | OPTIONAL, string | The flag indicates the initial screen, either register or signin, default to be signin. |
socialLoginPaneStyle | OPTIONAL, string | The flag to decide position where social login pane should located, either topor bottom, default to be bottom. |
socialLoginPaneOption | OPTIONAL, string | The flag to decide option where social login pane in grid or list stye, either grid or list, default to be grid. |
buttonSize | OPTIONAL, string | The flag to decide button size, either normal or large, default to be large. |
For
register as initialScreen:
When registration is completed, the screen will show loading spinner and redirect to
successRedirectUrl set in widget instance.For
signin as initialScreen:
Social login pane list:
Normal button size:
Authcore provides some user widgets for updating a logged in user. These widgets require the
accessToken parameter, which can be obtained from the access_token parameter from onSuccess callback in login widgets.Show the settings of current login user, including password, 2-steps verification, devices (i.e. sessions) and social login sections.
Show the page to create Pass as 2-steps verification factor. It shows a QR code to be scanned for registration, once the process is successful it triggers
onSuccess callback.Follow the setting below to configure the page:
<!-- Element for the widget to be injected -->
<div id="authcore-pass-container"></div>
<script>
// Instantiate Pass widget
new AuthCoreWidgets.SettingPass({
container: 'authcore-pass-container', // Id of the HTML element for the widget
root: 'https://authcore.example.com/widgets', // Authcore is hosted on the sub-domain of example.com
accessToken: 'ACCESS_TOKEN_TO_BE_PROVIDED',
internal: true,
onSuccess: () => {
// Handle the case after the factor registration is successful.
}
});
</script>
We provide multiple events for analytics purpose. All events shown below are prefixed with
Authcore_.The events are show below:
Type | Data (if any) | Description |
loginWidgetLoaded | - | When a login widget (e.g. register / login) page is loaded |
registerStarted | contactType: "email" / "phone" | When a user triggered register |
oauthStarted | service: "google" / "facebook" / "matters" / "twitter" / "apple" | When a user triggered oauth from social platform |
loginStarted | method: "password" | When a user login using password |
navigation | from/to: Page name("Register"/"SignIn") | When a user switch between register/sign in page within Login widget |
Because of page reload in redirection, the widget cannot emit loginSuccess and registerSuccess events to the original page. Therefore, it is advised to record the success events manually in the redirected pages (from
successRedirectUrl), and pages after signin.Last modified 2yr ago