I’m working on a Perspective project where I’d really like the login flow to stay inside my own custom “/login” view instead of launching the built-in IdP page. The idea is:
- User types username / password on my custom view.
- I call system.security.validateUser() against the default Ignition user source.
- If the credentials check out, I programmatically set the session’s auth properties so Ignition treats the session as authenticated (roles, security levels, etc.).
- Navigate to the main app.
The property editor in the Designer shows the little “writable through scripts/bindings” tooltip on session.props.auth.*, so in theory I can do something like:

    valid = system.security.validateUser(uname, pwd)
    if valid:
        # attempt to “log in” manually
        session.props.auth.authenticated = True
        session.props.auth.user = {
            "id": str(system.user.getUser("default", uname).id),
            "userName": uname,
            "firstName": "",
            "lastName": "",
            "email": "",
            "roles": ["Administrator"],
            "timestamp": system.date.now()
        }
        session.props.auth.securityLevels = [
            {"name": "Authenticated", "children": [
                {"name": "Roles", "children": [
                    {"name": "Administrator", "children": []}
                ]}
            ]}
        ]
        system.perspective.navigate("/home")
    else:
        system.perspective.openPopup("badCreds", "Popups/BadCredentials")

Before I lean on this approach I’d like to confirm a few things:
- Does the gateway ever overwrite session.props.auth with its own values (heartbeat, security checks, etc.)?
- If I manually populate the auth roles/securityLevels as above, will view security and tag security respect those during the session?
- Has anyone actually shipped a system that does this, and if so have you run into surprises on upgrades?
I know the “official” answer is to use an IdP or redirect to the default login screen, but for branding and UX reasons I’d rather keep everything in a single Perspective view if it’s safe to do so.