Wt  4.11.0
Loading...
Searching...
No Matches
Classes | Enumerations
Authentication module (Wt::Auth)

A module that implements authentication functions. More...

Classes

class  Wt::Auth::FacebookService
 OAuth service for Facebook as third-party authenticator. More...
 
class  Wt::Auth::GoogleService
 OAuth service for Google as third-party authenticator. More...
 
class  Wt::Auth::PasswordStrengthValidator
 A default implementation for password strength validation. More...
 
class  Wt::Auth::AbstractPasswordService
 Abstract password authentication service. More...
 
class  Wt::Auth::AbstractUserDatabase
 Abstract interface for an authentication user database. More...
 
class  Wt::Auth::AuthModel
 Model for implementing an authentication view. More...
 
class  Wt::Auth::EmailTokenResult
 The result of processing an email-sent token. More...
 
class  Wt::Auth::AuthTokenResult
 The result of processing an authentication token. More...
 
class  Wt::Auth::AuthService
 Basic authentication service. More...
 
class  Wt::Auth::AuthWidget
 An authentication widget. More...
 
class  Wt::Auth::Dbo::AuthInfo< UserType >
 A default implementation for authentication data in Wt::Dbo. More...
 
class  Wt::Auth::Dbo::AuthToken< AuthInfoType >
 A default implementation for an authentication token in Wt::Dbo. More...
 
class  Wt::Auth::Dbo::AuthIdentity< AuthInfoType >
 A default implementation for a authentication identity in Wt::Dbo. More...
 
class  Wt::Auth::Dbo::UserDatabase< DboType >
 A default implementation for an authentication user database. More...
 
class  Wt::Auth::FormBaseModel
 A base model class for authentication-related forms. More...
 
class  Wt::Auth::HashFunction
 An abstract cryptographic hash function interface. More...
 
class  Wt::Auth::MD5HashFunction
 A cryptograhpic hash function implemented using MD5. More...
 
class  Wt::Auth::SHA1HashFunction
 A cryptographic hash function implemented using SHA1. More...
 
class  Wt::Auth::BCryptHashFunction
 An cryptographic hash function that implements bcrypt. More...
 
class  Wt::Auth::Identity
 A class that represents a user identity. More...
 
class  Wt::Auth::Login
 A class that manages the current login state. More...
 
class  Wt::Auth::LostPasswordWidget
 A widget which initiates a lost-password email. More...
 
class  Wt::Auth::OAuthAccessToken
 An OAuth access token. More...
 
class  Wt::Auth::OAuthProcess
 An OAuth authorization (and authentication) process. More...
 
class  Wt::Auth::OAuthService
 An OAuth authorization (and authentication) service provider. More...
 
class  Wt::Auth::OidcProcess
 An OpenId Connect authentication process. More...
 
class  Wt::Auth::OidcService
 An OpenId Connect authentication service provider. More...
 
class  Wt::Auth::PasswordHash
 A password hash. More...
 
class  Wt::Auth::PasswordPromptDialog
 A dialog that prompts for the user password. More...
 
class  Wt::Auth::PasswordService
 Password authentication service. More...
 
class  Wt::Auth::PasswordVerifier
 Password hash computation and verification class. More...
 
class  Wt::Auth::RegistrationModel
 Model for implementing a registration view. More...
 
class  Wt::Auth::RegistrationWidget
 A registration widget. More...
 
class  Wt::Auth::ResendEmailVerificationWidget
 A widget to resend the email verification email. More...
 
class  Wt::Auth::Token
 An authentication token hash. More...
 
class  Wt::Auth::UpdatePasswordWidget
 A widget which allows a user to choose a new password. More...
 
class  Wt::Auth::User
 A user. More...
 

Enumerations

enum class  Wt::Auth::PasswordResult { Wt::Auth::PasswordResult::PasswordInvalid , Wt::Auth::PasswordResult::LoginThrottling , Wt::Auth::PasswordResult::PasswordValid }
 Enumeration for a password verification result. More...
 
enum class  Wt::Auth::IdentityPolicy { Wt::Auth::IdentityPolicy::LoginName , Wt::Auth::IdentityPolicy::EmailAddress , Wt::Auth::IdentityPolicy::Optional }
 Enumeration for an identity policy. More...
 
enum class  Wt::Auth::LoginState {
  Wt::Auth::LoginState::LoggedOut , Wt::Auth::LoginState::Disabled , Wt::Auth::LoginState::Weak , Wt::Auth::LoginState::Strong ,
  Wt::Auth::LoginState::RequiresMfa
}
 Enumeration for a login state. More...
 
enum  Wt::Auth::ClientSecretMethod { Wt::Auth::HttpAuthorizationBasic , Wt::Auth::PlainUrlParameter , Wt::Auth::RequestBodyParameter }
 Enumeration of the OAuth client authorization method. More...
 

Detailed Description

A module that implements authentication functions.

This module implements a complete modular authentication system for Wt applications.

The module is organized in model classes, which implement authentication logic, and view classes which are widgets that implement UI components.

Model

The model layer is organized in a number of service classes, which provide the configuration and authentication services, and are generally shared between different sessions, and session classes which implement the authentication state for each session.

The service classes are:

There are a number of utility classes too:

The session classes are:

Views

The view classes typically use service classes and session classes.

The included views are:

Enumeration Type Documentation

◆ ClientSecretMethod

Enumeration of the OAuth client authorization method.

Specifies how the OAuth client authorizes itself with the auth provider. I.e. how it passes the client ID and secret to the provider.

See also
OAuthService::clientSecretMethod
OAuthClient::authMethod
Enumerator
HttpAuthorizationBasic 

Pass the client ID and secret to the auth provider with a GET request with Basic auth.

PlainUrlParameter 

Pass the client ID and secret to the auth provider as URL parameters of a GET request.

This is not part of the standard but this is what Facebook does.

RequestBodyParameter 

Pass the client ID and secret to the auth provider as parameters of a POST request.

◆ IdentityPolicy

Enumeration for an identity policy.

This enumeration lists possible choices for the user identity (login name).

When using password authentication, it is clear that the user has to provide an identity to login. The only choice is whether you will use the user's email address or another login name.

When using a 3rd party authenticator, e.g. using OAuth, a login name is no longer needed, but you may still want to give the user the opportunity to choose one.

See also
AuthService::setIdentityPolicy()
Enumerator
LoginName 

A unique login name chosen by the user.

Even if not really required for authentication, a user still chooses a unique user name. If possible, a third party autheticator may suggest a user name.

This may be useful for sites which have a social aspect.

EmailAddress 

The email address serves as the identity.

This may be useful for sites which do not have any social character, but instead render a service to individual users. When the site has a social character, you will likely not want to display the email address of other users, but instead a user-chosen login name.

Optional 

An identity is optional, and only asked if needed for authentication.

Unless the authentication procedure requires a user name, no particular identity is asked for. In this case, the identity is a unique internal identifier.

This may be useful for sites which do not have any social character, but instead render a service to individual users.

◆ LoginState

Enumeration for a login state.

See also
Login::state()
Enumerator
LoggedOut 

No user is currently identified.

Disabled 

The identified user was refused to login.

This is caused by for example User::status() returning AccountStatus::Disabled, or if email verification is required but the email hasn't been verified yet.

Weak 

A user is weakly authenticated.

The authentication method was weak, typically this means that a secondary authentication system was used (e.g. an authentication cookie) instead of a primary mechanism (like a password).

You may want to allow certain operations, but request to authenticate fully before more sensitive operations.

Strong 

A user is strongly authenticated.

RequiresMfa 

Requires multiple factors in the authentication process.

After logging in through a primary method, like password, or if the authentication was remembered through a cookie, the user will be prompted with an additional authentication request.

Using Wt's default implementation, this will ask for the TOTP code.

◆ PasswordResult

Enumeration for a password verification result.

See also
AbstractPasswordService::verifyPassword()
Enumerator
PasswordInvalid 

The password is invalid.

LoginThrottling 

The attempt was not processed because of throttling.

PasswordValid 

The password is valid.