authgear / docs Goto Github PK

• The value is in messageformat syntax. Worth mentioning the underlying implementation, as well as the official guide. But we have to tell the developer that since everything is stored in JSON, they have to ensure the value is valid JSON, for example, they cannot put arbitrary linebreaks.

Explain to developers who are familiar with OAuth and OIDC and they want to know what Authgear is.

A quote from Terry

• OIDC has two party: Identity Provider(IdP) and Relying Party(RP)
• RP is the OAuth client, IdP is the OAuth server
• Authgear can act as RP to other IdP, e.g. Google, Facebook
• Authgear can also act as IdP to RPs, e.g. your developed mobile app, website, etc.
• Basically, Authgear is a identity federation gateway

App store reviewers cannot use OTP to login

• Template are written using Go template. The official documentation is the definitive way to learn that. https://golang.org/pkg/text/template/
• Do not know which template to edit. For example, the developer do not know which template to edit if they want to edit the one-time password code email during primary authentication. How should we present the full list to the developer to let them know available templates for editing? How do we explain the mapping between the name of the template (e.g. forgot_password_email.html) and when the user will receive the rendered template (e.g. the user will receive the email when they claims they forgot their password)

The following are missing for some platform:

• user profile
  • flutter
  • react native? (already has web tab)
• Using SDK to call your application server
  • flutter
• Account deletion
  • iOS
  • Android

Missing API (!)

• ClearSessionState used in Using SDK to call your application server -> Handle revoked sessions
  • flutter

authgear/authgear-server#982

• - /.well-known/openid-configuration
• - /.well-known/oauth-authorization-server
• - /_resolver/resolve
• - /_api/admin/graphql

• Also fix ok-http extension getting SDK not using jitpack

There is no doc or any info for the possible value for sessionState.

Link: https://docs.authgear.com/get-started/website#get-the-logged-in-state

It is only found in the npm package itself.

The instruction in the quickstart guide is not enough.
A developer should be able to set up a simple login/logout flow and send authenticated requests by ONLY following the quick start guide without looking at the SDK reference.

Please refer to the sections in https://docs.authgear.com/get-started/website

In Get Started:

• Add how to Get the SessionState and UserInfo (ref: https://docs.authgear.com/get-started/website#get-the-logged-in-state)
• Add How to send an authenticated requests to API (ref: https://docs.authgear.com/get-started/website#calling-an-api)

Add Xamarin code samples to other pages:

• https://docs.authgear.com/strategies/biometric
• https://docs.authgear.com/integrate/auth-ui
• https://docs.authgear.com/integrate/reauthentication
• https://docs.authgear.com/integrate/single-sign-on
• https://docs.authgear.com/integrate/force-authentication-on-app-launch

https://docs.authgear.com/webhooks/webhooks

The JS SDK v.1.0 is released,
some of the function names have been changed and post-logout url becomes required in web.
please update:

• https://docs.authgear.com/get-started/website
• https://docs.authgear.com/get-started/react-native

• How to enable WhatsApp OTP from the Portal?

update the sample codes for iOS to reflect "authorize" function signature changes to "authenticate" in authgear/authgear-sdk-ios#81

After these are done: authgear/authgear-sdk-ios#62, authgear/authgear-sdk-android#73

In custom domain documentation, we MUST tell the developer not to enable proxy on the CNAME record.

Answer these in the doc:

• Will changing/remove/re-enroll invalidate the biometric login key?
• what exactly are the implications of different BiometricOptions?
• After enabling biometric, if the device has turned off the biometric setting in device setting level, what would happen?
• clarify the meaning of isBiometricEnabled

https://docs.authgear.com/deploy-on-your-cloud/configurations/authgear.yaml

For example the ui.country_calling_code.pinned_list part is deprecated, i think just update the json schema without example will be already helping so much. :Adore:

There are a few problems I faced while trying to following the "Setup Application in Authgear" on the following pages, and configure with my app (the internal demo app) for quick try.

• Xamarin SDK
• Flutter SDK
• React Native SDK
• Android SDK
• iOS SDK
• Web SDK

Please try to rewrite the section to resolve the following problems a new dev will face.

Problems:

1. Step 1: It should start with creating the project and selecting it. Users new to authgear may misunderstand that "Applications" = "Projects" and get confused.
2. Step 2: "Add Application" is not on the top right corner in the portal
3. Step 3: What's mean by this is for reference only? What or whose reference? And better to have an example here
4. Step 4: What's a custom scheme? How should I define it for my project? Since there is no public demo app now, cannot just use a sample URI to plug and play, could reference user to the section teaching how to make this.
5. Step 4 & 5: The steps for Add URI is unclear, please write in 1 step for each click, e.g. Click XX, Click XX, Back to Applications page, Copy the "Client ID" for later use.
6. JWT tooltip: Too much unknown terms for new dev to see the tool tip for JWT access token and may get a bit shocked: JWT access token? forward incoming requests, what requests will they be? Authgear "Resolver" Endpoint is another thing? Suggest extracting this tooltip section from the simple step-by-step guide above. If possible please also revise the tooltip to explain or add reference links for the terms.
7. Suggest adding a screenshot for a correct setup sample.

authgear/authgear-server#540 (comment)

Ref: authgear/authgear-server#1715

https://docs.authgear.com/integrate/reauthentication

Reauthentication via Biometric is supported by not documented. Please add the guide for this feature.

All "c" in the wechat name should be lower case

• how to configure custom email provider in the Portal
• How to verify the sender domain

• The most important thing is to tell the developer to update ALL endpoints to the custom domain, including all of their websites, web apps, mobile apps.

• Download Key and generate JWT
• The Endpoint and how to access it with JWT
  • /_api/admin/graphql
• Schema of the GraphQL
• Accessing the GraphiQL Query builder

Add documentation and examples under the "Admin API" section in the docs,
to provide guides on the integration to update user attributes, and especially upload profile pic in the backend.

https://docs.authgear.com/apis/admin-apis

Reference: https://github.com/authgear/authgear-server/blob/master/docs/specs/images.md

• Overview of the SDK?
• Sample code of how to configure the SDK?

• Client application (refresh token and access token)
• Web (lifetime and idle timeout)

https://tools.ietf.org/html/rfc8252#section-8.12

• Follow-up solution converted to issue #761
• Documentation

1. Should mention the doc is for cookie based website only
2. Should place under https://docs.authgear.com/tutorials/...

Doc page: https://docs.authgear.com/integrate/reauthentication

Will add prefersSFSafariViewController boolean flag for user to choose using SFSafariViewController. Need to inform user about the pros and cons, and instruct user how to setup deep link with react native

#import <AGAuthgearReactNative.h>
...
- (BOOL)application:(UIApplication *)application
            openURL:(NSURL *)url
            options:(NSDictionary<UIApplicationOpenURLOptionsKey,id> *)options
{
  return [AGAuthgearReactNative application:application openURL:url options:options];
}

Also, update react native async storage dependency.

@react-native-community/async-storage: -> @react-native-async-storage/async-storage

https://docs.authgear.com/webhooks/webhooks#check-the-webhook-signatures

This section should mention how webhooks are validated with the obtained key

The first input box is already created for the user, so no need to Click "⊕Add URI"

• UserInfo
• Portal
• Settings
• Access Control and Configuation
• Webhooks