Routes
The package creates the following routes:
| Name | Method & URI | Notes |
|---|---|---|
<name_prefix>login |
GET <uri_prefix>/login |
|
<name_prefix>logout |
POST <uri_prefix>/logout |
|
<name_prefix>password.change |
GET <uri_prefix>/change-password |
If enabled in config |
sso.saml.metadata |
GET /sso/saml |
|
sso.saml.acs |
POST /sso/saml/login |
SAML "Assertion Consumer Service" endpoint |
sso.saml.slo |
GET /sso/saml/logout |
SAML "Single Logout" endpoint |
The login route is compatible with both the built-in auth middleware and the nexus.auth middleware. You can also create a link to the login page using route('login') (or $route('login') in Nexus).
The logout route can similarly be linked to using route('logout'). Note that it must be a POST request not GET (for security) - either use a button in a <form> tag or see this runner for an easy way to change a link from GET to POST using JavaScript.
(TODO: We could add a signed GET /logout route if we wanted to allow links without JavaScript and without opening a security hole.)