Login Method Property

PropelAuth provides the ability to see how your users are logging in with the login_method property - useful when enforcing users of an org to only log in via Google SSO, knowing which SAML provider a user logged in with, etc.

To enable the login_method property, head over to Signup / Login method page and click on Settings. Then, toggle the Include login method in access token setting.

Enabling the login method

Each backend SDK provides a way to get the login_method property. Here's an example using the Node library which uses middleware to enforce a specific SSO provider is used for an organization:

const requireSso = async (req, res, next) => {
  const user = validateAccessTokenAndGetUser(req.headers.authorization);
  const org = user.getOrg(req.params.orgId);

  if (!org) {
    return res.status(404).json({ message: "Org not found", status: 404 });
  }

  const isGoogleSsoRequired = await isGoogleSsoRequiredForOrg(org.orgId);

  if (!isGoogleSsoRequired) {
    return next();
  } else if (user.loginMethod.loginMethod === "social_sso" && user.loginMethod.provider === "Google") {
    return next();
  } else {
    return res.status(401).json({
      message: "Google SSO is required for this org",
    });
  }
};

export default requireSso;

The login_method property is an object that always contains the login_method key. In some instances, such as when a user logs in via SSO or SAML, it will also include a provider property, like so:

{
  login_method: "social_sso"
  provider: "GitHub"
}

If the user logs in via an org's SAML connection, the login_method object will also contain the orgId of the org.

{
  loginMethod: "saml_sso"
  provider: 'OneLogin'
  orgId: "abh1h13..."
}

Login Method Property

Enabling the Login Method Property

Getting the Login Method