AuthRocket supports 3 primary approaches to handling user logins:
Each approach has advantages in certain situations. Don’t worry about selecting the wrong one–it’s easy to migrate between approaches later. You can even use 2 or all 3 simultaneously if needed.
The quickest way to implement logins for any web-based app is our fully hosted option. In this case, we will host the login form on our servers. We’ll handle everything related to logins and forgotten passwords.
If you’re just getting a new app up and running, this is ideal as it frees you to focus on more significant parts of your app. You can always change to a more customized experience later.
AuthRocket provides the ability to optionally link to a custom, external CSS file and/or configure extra HTML for a header or footer, allowing you to significantly customize the look and feel of the login process while still enjoying the benefits of letting us host everything for you.
See the Quickstart for an overview.
Another alternative is to host the login form on your own site, but allow us to process it via an AJAX call. The JS library we provide for this is authrocket.js.
You can choose to process forgotten passwords through authrocket.js as well, or you can let those be handled by our hosted site, as outlined above.
While this takes a little bit more work than the fully hosted solution, it also provides the ability for the login form to be placed on any page, such as right on your homepage. The fully hosted login page remains available too, so you can combine the two approaches if appropriate for your app.
See authrocket.js for more.
The AuthRocket API is full-featured and complete. For a truly custom experience, you are free to implement your own handling of logins and forgotten passwords and make the relevant API calls to AuthRocket from your own backend.
This gives you complete flexibility while still enjoying the other benefits of AuthRocket.
See the Users API, especially the Authentication methods.
For non-web-based apps (eg: iOS or Android), it is possible to use the same API that authrocket.js uses. See the API docs for LoginRocket.
It is also possible to handle everything from your backend app and have your mobile or other frontend app only talk directly to your backend app.
For organizations that wish to ensure their app never sees a password, both the fully hosted and authrocket.js solutions will accomplish your goal. In both cases, passwords are always sent directly to AuthRocket and never brokered by your app, relieving you of responsibility for securely handling user passwords.
If you are processing logins for multiple apps, most likely in an SSO scenario, it’s common to configure one Connected App for each app. Connected Apps contain the configuration set for both the fully hosted and the authrocket.js options mentioned above.
See SSO with AuthRocket for more details.