AuthRocket offers 3 ways to handle new user signups:
Fully hosted and authrocket.js both greatly simplify the registration process. They also ensures that passwords are only seen by AuthRocket.
Both fully hosted and authrocket.js offer a further choice:
Having AuthRocket create ready-to-go Users makes things incredibly simple. So simple in fact, that we actually tell your app about a new login, not a new signup.
This configuration always uses the login_handler
URL. It does pass along an extra parameter (&signup=true
) upon the initial login to let you know it’s a new user.
A User is created, just like above. In addition, an Org and a connecting Membership are also created. The Org’s name can be asked for (great for B2B apps) or it can be named after the user (ideal for most B2C apps). Default permissions for the membership can also be assigned.
Instructing AuthRocket to use Signup Tokens instead gives you increased flexiblity during the user registration process. Most frequently this is used to collect other registration information, such as payment information, and allows validation of that other data in advance of finalizing creation of the AuthRocket User record.
For example, when collecting payment information, it is often desirable to confirm a successful charge before creating the User record. In this case, your app can attempt to change the user’s credit card, and only if it succeeds will your app then use the Signup Token to create the final User record.
Signup Tokens are sent to your app using the signup_handler
URL.
The quickest way to implement signups for any web-based app is our fully hosted option. Just like hosted logins, we will also host the signup form on our servers.
We encourage using fully hosted signups and logins whenever time-to-deployment is important. You can always move to another choice later (and run them in parallel too).
Hosted signups uses the same flexible customization via CSS and added HTML as hosted logins.
See the Quickstart for an overview.
When handling signups via authrocket.js, the signup form is hosted by your app. An AJAX call is used to validate the signup data and either a login token or signup token (when in User mode or Signup Token mode, respectively) is returned to the browser and then sent to your app for completion of the login or user creation process.
authrocket.js can be used for both signups and logins, or just one of the two.
If you prefer, your app can also manage all aspects of the signup process and use AuthRocket’s API to create Users at the proper time in the signup flow.
For non-web-based apps (eg: iOS or Android), it is possible to use the same API that authrocket.js uses. See the API docs for LoginRocket.
It is also possible to handle everything from your backend app and have your mobile or other frontend app only talk directly to your backend app.
For organizations that wish to ensure their app never sees a password, both the fully hosted and authrocket.js solutions will accomplish your goal. In both cases, passwords are always sent directly to AuthRocket and never brokered by your app, relieving you of responsibility for securely handling user passwords.
If you are processing signups for multiple apps, most likely in an SSO scenario, you’ll want to configure one Connected App for each app. Connected Apps contain the configuration set for both the fully hosted and the authrocket.js options mentioned above.
See Single Sign-on with AuthRocket for more details.
Questions? Find a Typo? Get in touch.