Login Method Property
PropelAuth provides the ability to see how your users are logging in with the login_method property. This is useful when requiring an org's users to log in only via Google SSO, knowing which SAML provider a user logged in with, etc.
Enabling the Login Method Property
To enable the login_method property, head over to the Signup / Login method page and click on Settings. Then, toggle the Include login method in access token setting.
Getting the Login Method
Each backend SDK provides a way to get the login_method property. Here's an example using the Node library, with middleware that enforces the use of a specific SSO provider for an organization:
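const requireSso = async (req, res, next) => {
    let user;
    try {
        // Validate the access token; an invalid or missing token is rejected
        user = await validateAccessTokenAndGetUser(req.headers.authorization);
    } catch (err) {
        return res.status(401).json({ message: "Unauthorized", status: 401 });
    }

    // The user must belong to the org named in the route
    const org = user.getOrg(req.params.orgId);
    if (!org) {
        return res.status(404).json({ message: "Org not found", status: 404 });
    }

    // isGoogleSsoRequiredForOrg is not defined on this page; it is assumed
    // to be the application's own lookup of the org's policy
    const isGoogleSsoRequired = await isGoogleSsoRequiredForOrg(org.orgId);
    if (!isGoogleSsoRequired) {
        return next();
    } else if (user.loginMethod.loginMethod === "social_sso" && user.loginMethod.provider === "Google") {
        return next();
    } else {
        return res.status(401).json({
            message: "Google SSO is required for this org",
        });
    }
};

export default requireSso;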
The login_method property is an object that always contains the login_method key. In some instances, such as when a user logs in via SSO or SAML, it will also include a provider property, like so:
{
    login_method: "social_sso",
    provider: "GitHub"
}
If the user logs in via an org's SAML connection, the login_method object will also contain the orgId of the org.
{
    loginMethod: "saml_sso",
    provider: "OneLogin",
    orgId: "abh1h13..."
}
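The middleware above hard-codes one rule (Google SSO). The following added example, which is not PropelAuth code, generalizes it to a per-org policy check and also uses the orgId that accompanies a SAML login. The function name checkLoginMethod, the policy object shape and the sample org IDs are hypothetical; the login method object uses the camelCase shape from the Node snippet.

```javascript
// Added example: checkLoginMethod and the policy shape are hypothetical,
// not part of any PropelAuth SDK. loginMethod is the object described above:
//   { loginMethod: "social_sso", provider: "Google" }
//   { loginMethod: "saml_sso", provider: "OneLogin", orgId: "..." }
function checkLoginMethod(loginMethod, orgId, policy) {
    // No policy configured for this org: any login method is accepted.
    if (!policy) {
        return { allowed: true };
    }
    // Fail closed when the token carries no login method, for example when
    // "Include login method in access token" has not been enabled.
    if (!loginMethod || typeof loginMethod.loginMethod !== "string") {
        return { allowed: false, reason: "login method missing from token" };
    }
    if (loginMethod.loginMethod !== policy.loginMethod) {
        return { allowed: false, reason: `${policy.loginMethod} is required for this org` };
    }
    if (policy.provider && loginMethod.provider !== policy.provider) {
        return { allowed: false, reason: `${policy.provider} login is required for this org` };
    }
    // Assumption of this example: when an org requires SAML, the session must
    // come from that org's own SAML connection, so the orgId in the login
    // method has to match the org being accessed.
    if (loginMethod.loginMethod === "saml_sso" && loginMethod.orgId !== orgId) {
        return { allowed: false, reason: "SAML login belongs to a different org" };
    }
    return { allowed: true };
}

// Constructed sample policies and sessions (org IDs are made up).
const googleOnly = { loginMethod: "social_sso", provider: "Google" };
const samlOnly = { loginMethod: "saml_sso" };
const samples = [
    [{ loginMethod: "social_sso", provider: "Google" }, "org_a", googleOnly],
    [{ loginMethod: "social_sso", provider: "GitHub" }, "org_a", googleOnly],
    [{ loginMethod: "saml_sso", provider: "OneLogin", orgId: "org_b" }, "org_a", samlOnly],
    [undefined, "org_a", googleOnly],
];
for (const [loginMethod, orgId, policy] of samples) {
    console.log(JSON.stringify(loginMethod), "->", checkLoginMethod(loginMethod, orgId, policy));
}
```

In middleware, a result with allowed set to false would map to the same rejection response the snippet above returns for a non-Google login.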