[Feat]: Improve the use of external User Authentication Provider #2116
Description
Current situation:
I’m building a non-public App in Lowcoder (Cloud) that needs solid (and configurable) user authentication and authorization and for that reason I wanted to use KeyCloak as User Authentication Provider. As a starting point I have setup a KeyCloak server and configured one of my Lowcoder workspaces for User Authentication by KeyCloak and disabled the standard Email Authentication - all according to the Lowcoder documentation.
Then I created a test-App in this workspace, which results in the following when launching it:
- First I see the standard Lowcoder login page to enter my email.
- Then a page to select the workspace of my App.
- And finally a button to go to the KeyCloak login page, where I need to enter (again) my username and password in order to get authentication for my App.
This is a very inefficient and user-unfriendly way of working, because several unnecessary steps have to be taken, which is also confusing for the user.
Ideal situation:
In the ideal situation the login-page of the external Authentication Provider (KeyCloak in my case) should be immediately shown after launching my App - so, without showing all the other dialogs or buttons.
PS: Of course the authentication dialog should not be shown in case of a public App, same as now.
Proposed solution:
It should be possible to achieve the described "ideal situation" because Lowcoder should already know the workspace of the launched app and so be able to go straight to the external Authentication Provider and show its login dialog. So, the solution should work as described below:
After launch of the App, first check in its known (!) workspace how many and which Authentication Providers are enabled. This should be done without entering the email address nor workspace, just check the known workspace.
And after this, follow one of these options:
1A) If the default Email authenticator is enabled, follow that (default) authentication process. > DONE
or:
1B) If the default Email authenticator is disabled, check how many authenticators are enabled:
this will be:
2A) If multiple authenticators are enabled, then display the buttons for all enabled authenticators within that workspace, so that the user can select one to use. > DONE
or:
2B) If just one authenticator is enabled, then go straight to the configured authenticator instance – without any dialogs or buttons. > DONE
So, this process should result in option 1A, 2A or 2B - depending on which and how many authenticators are configured in the workspace of the launched App.
Additional context:
This improvement has already been discussed on Discord and will result in a much better user experience when using an external User Authentication Provider, such as KeyCloak.
So, my request is to implement this improvement in the next release, so that everybody can benefit from it.