This functionality was created to support login with social accounts when you forgot your password. Imagine a scenario, where you have an identity in the Onegini IDP but you do not remember the password. So you try to login with Facebook account instead. But your email address for Facebook account is not the same as for Onegini IDP. In that case you will be presented a migration login screen, where you can enter your email and password to link your facebook account with Onegini IDP identity. But you do not remember the password for Onegini IDP. That where the one time login link comes in.

This guide will walk you though the process of configuring action token login link for migration flows and trying it out.

What is required?

To successfully complete this topic guide you need to ensure following prerequisites:

  • Onegini IDP instance must to be running, for the sake of this guide we assume it's available under http://idp-core.dev.onegini.me address
  • access to Onegini IDP admin console
  • configured some social identity provider
  • user migration enabled

Configuration

Please follow Action token configuration to enable action tokens in your application.

In addition, under Configuration -> Identity Providers please check the Enable generating Action Token Login Link in UI option. This will show correct link to generate and send one time login email while migrating users.

Enabling this feature will populate properties during the migration flow:

  • #otl.isActionTokenLinkGenerationEnabled() which can be used in html templates to customize your view
  • #otl.getActionTokenLinkGenerationUrl() which gives you access to action token link generation view

Example usage:

<a th:id="'actionTokenLink'" 
  th:if="${#otl.isOneTimePasswordGenerationEnabled()}" 
  th:href="@{${#otl.getOneTimePasswordGenerationUrl()}}" 
  th:text="#{personal.generateOtl.text}">_Get one time login
</a>

Testing

Create a Onegini IDP identity (ex using Username Password idp) with email different than used in your social account. Try to log in with configured social idp (ex Facebook), and you will see the migration login screen. On this screen there will be a link to receive the one time login link. Click it, and on the next page enter email used to create Onegini IDP identity. Submit the form. You should receive an email with one time login link. Click on the link from the email, and you should be logged in and your social account migrated and coupled with CIM identity.