WRDAuth

Wrdauth setup

Security considerations

Authentication and authorization systems cannot be fully enforced on the client. The wrdauth JS api is intended to ease integration into websites, but you should not rely on eg the 'wh-wrdauth--isloggedin' class to hide sensitive information from users who are not logged in.

Please note that the wrdauth JS api cannot access the real login cookies - these are all marked as 'HttpOnly' to prevent the cookies from escaping in a XSS attack.

• WRDAuth setup
• Site integration
• Authentication pages
• Custom tollium backend
• Background information on wrdauth

WRD authentication APIs

• RECORD FUNCTION CheckAuthenticationSettings(STRING checks, RECORD authenticationsettings)
  

  Checks if authentication settings complu with password checks

• RECORD FUNCTION CheckPassword(STRING checks, STRING newpassword, RECORD options)
  

  Checks if a password complies with password checks

• RECORD FUNCTION CreateAuthenticationSettingsFromPasswordHash(STRING passwordhash, RECORD options)
  

  Returns authentication settings with the specified password hash as current password.

• STRING FUNCTION DescribePasswordChecks(STRING checks)
• RECORD FUNCTION GetDefaultAuthenticationSettings()
  

  Returns a record with default authentication settings

• RECORD FUNCTION GetDefaultWRDSchemaPasswordPolicy(OBJECT wrdschema)
  

  Returns the default WRD schema password policy

• INTEGER FUNCTION GetPasswordBreachCount(STRING pwd)
  

  Queries the haveibeenpwned (HIBP) service for the breach count of a password

• DATETIME FUNCTION GetPasswordMinValidFrom(STRING duration)
• OBJECT FUNCTION GetWRDAuthPlugin(STRING url, RECORD options)
  

  Get the authentication plugin for the specified url

• OBJECT FUNCTION GetWRDAuthUserAPI(OBJECT wrdschema)
  

  Get the user API of a WRD schema

• BOOLEAN FUNCTION IsDefaultAuthenticationSettings(RECORD value)
  

  Returns whether the specified authentication settings are the default value (no passwords set, no second factor set)

• BOOLEAN FUNCTION IsWHSafePublicEndpoint(STRING url)
  

  Check whether the URL has its own checks (eg authorization or hashed URLs) and should be excepted from login checks

• RECORD ARRAY FUNCTION ParsePasswordChecks(STRING checks, RECORD options)
• OBJECTTYPE WHUserApi
  

  Webhare user API object

• OBJECTTYPE WRDAuthPlugin
  

  WRD auth webdesign plugin

• OBJECTTYPE WRDAuthSupportBase
  

  Base class for WRDuth support objects

Frontend pages

• OBJECT FUNCTION GetWRDAuthPages(OBJECT webdesign, RECORD options)
  

  Implement standard login/passwordreset etc pages

WRD prefiller for forms

• OBJECTTYPE WRDAuthPrefillHandler

SAML integration

• OBJECTTYPE SAMLIDPConfigBase
  

  Base type for SAML IDP configuration

• OBJECTTYPE SAMLSPConfigBase
  

  Base type for SAML SP configuration