Feature Documentation

This demo app demonstrates 26 features related to authentication and security. Below are instructions on how to find them and see them in action. The features are split into basic and advanced categories. The basic features are numbered B1-B13; the advanced features are numbered A1-A13.

You can get the code for both the backend and frontend applications from GitHub and experiment with it locally. Instructions for configuring a local environment can be found in the respective repositories.

A detailed explanation of the advanced features can be found in this blog.

Basic features

  • B1: Create a new user
  • B2: Login with email and password
  • B3: 'Remember me' feature to stay logged in
  • B4: Logout from the current session
  • B5: Delete your own account
  • B6: OAuth via LinkedIn or Google
  • B7: Email verification
  • B8: Access based on the email verification status
  • B9: Change the current password
  • B10: Reset the forgotten password
  • B11: As admin, request a user to change the password
  • B12: As admin, block a user
  • B13: As admin, request a user to re-login

Advanced features

  • A1: Send the link to restore the deleted account
  • A2: Link local account with OAuth accounts
  • A3: Prevent some user roles from using OAuth
  • A4: Logout from OAuth providers
  • A5: 2FA, including 2FA with OAuth
  • A6: Extending JWT for active users
  • A7: Auto logout with timeout counter
  • A8: Advanced role-based access control
  • A9: One login only
  • A10: Logout from all devices
  • A11: Login as another user
  • A12: Require password check for the critical actions
  • A13: Sync auth status across browser tabs

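Sign in menu

[Screenshot: sign-in menu]

Top menu

[Screenshot: top menu]

Left menu

[Screenshot: left menu]

User profile

[Screenshot: user profile]

Auto logout

[Screenshot: auto logout]

Admin interface

[Screenshot: admin interface]
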
Features that are not shown in the screenshots above
  • B7: After signing up, a verification email is sent to the specified email address.
  • A1: After the user clicks “Delete Account,” an email with an account restoration link is sent.
  • A2: Accounts are linked automatically based on the email address.
  • A3: This is managed via the configuration table. In the Demo app, users with admin roles cannot use OAuth.
  • A6: This process is automatic. When the user loads the app, the JWT token is recreated with the same parameters, thereby extending its validity time.
  • A9: This is managed via the configuration table. The Demo app is not configured to demonstrate feature A10 (Logout from all devices). If activated, signing in on one device will automatically sign the user out from all other devices.
  • A12: This is implemented using the ‘passwordCheck’ middleware. In the demo app, it's set up for feature A11 (Impersonation).
  • A13: This is a frontend feature, implemented using the Broadcast Channel API.

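
The A6 behaviour described above (re-creating the JWT with the same parameters when the app loads), as an added example that is not the demo app's own code. The HS256 helpers, the `TTL` and `MAX_SESSION` values and the use of `auth_time` as an absolute session cap are assumptions, included so that repeated renewal cannot keep one login alive indefinitely.

```javascript
// Added example: sliding JWT renewal (HS256) using only Node's built-in crypto.
const crypto = require("node:crypto");

const b64url = (buf) => Buffer.from(buf).toString("base64url");
const mac = (data, secret) =>
  crypto.createHmac("sha256", secret).update(data).digest();

function signJwt(claims, secret) {
  const head = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64url(JSON.stringify(claims));
  return `${head}.${body}.${b64url(mac(`${head}.${body}`, secret))}`;
}

// Returns the claims, or null if the token is malformed, forged or expired.
function verifyJwt(token, secret, now) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  const expected = mac(`${head}.${body}`, secret);
  const given = Buffer.from(sig, "base64url");
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null;
  try {
    const header = JSON.parse(Buffer.from(head, "base64url").toString());
    if (header.alg !== "HS256") return null; // pin the algorithm
    const claims = JSON.parse(Buffer.from(body, "base64url").toString());
    return typeof claims.exp === "number" && claims.exp > now ? claims : null;
  } catch {
    return null;
  }
}

// Lifetimes in seconds. Constructed values, not taken from the demo app.
const TTL = 15 * 60;
const MAX_SESSION = 8 * 60 * 60;

// Re-issue the token with the same claims and a fresh exp (feature A6).
// auth_time (assumed claim) records the original login and caps renewals.
function renewJwt(token, secret, now) {
  const claims = verifyJwt(token, secret, now);
  if (!claims) return null; // never renew an invalid or expired token
  const authTime = claims.auth_time ?? claims.iat;
  if (typeof authTime !== "number" || now - authTime >= MAX_SESSION) return null;
  const exp = Math.min(now + TTL, authTime + MAX_SESSION);
  return signJwt({ ...claims, auth_time: authTime, iat: now, exp }, secret);
}
```

Times are passed in as Unix seconds so the renewal logic can be exercised deterministically; a server would pass `Math.floor(Date.now() / 1000)`.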
Licensing

The backend source code, which is the main part of this application, is licensed under the MIT license. This means you can use it however you want, including for unlimited commercial purposes.

The frontend part of the application is for demo purposes only, allowing you to see the authentication features in action and experiment with it in your local or development environment.

© Copyright 2023 | Auth Demo App | UI version: 1.2.2