Currently, the default login form is displayed. I’m working on integrating it into a Vaadin login view.
Interesting. Do you have any use cases for that? It looks like you need to re-login with a new link once the token has expired, or am I wrong?
With a password it's faster to log in again once I am locked out, and I see a big security issue there if my mailbox has been stolen.
I see this very often with Shopify shops. But anyhow, it must be safe; maybe it's bound to a device?
The use case is for applications the user uses rarely, like once a week or month.
And yes, there is a chance of a man-in-the-middle attack, depending on the channel over which the token or the magic link is sent.
I wouldn’t use it for applications the user uses constantly or that have sensitive data. There, I would use 2FA or passkey as a secure authentication mechanism. I would always use an IDP and never store a username/password in my database.
Apparently the passkey is much more secure, from Vaadin then if we must use JS to do part of the process.
Also, to integrate the LoginOverlay with the OTT, I understand that I would have to modify things in the VaadinWebSecurity.
The setLoginView
Passkeys are a completely different use case. And as I wrote, I wouldn’t want to implement that on my own. There are IDPs like Keycloak, Okta, Google, Microsoft, etc. that can do that.