Platform version 8.3.22 includes improvements related to user authentication.
Improved Authentication with OpenID Connect
Some time ago, we added OpenID Connect authentication technology to the platform. OpenID Connect can verify user identity based on the authentication performed by a third-party provider (like Google).
We have received user feedback and some suggestions for improving the OpenID Connect authentication mechanism:
· When an error occurs, investigating the cause can be difficult because the error message displays too little information and the error texts added to the technological log lack detail.
· Every OpenID Connect provider offers its own set of fields that can act as an identifier to match infobase users with users of that provider, so it must be possible to match users via various identifiers from different providers. These identifiers include email, phone, computer domain name, account ID, etc. The current implementation lacks this capability.
In version 8.3.22, we made the mechanism for using OpenID Connect authentication more convenient.
Improvements in Error Descriptions and Notifications
We worked hard to make the error messages added to the technological log clearer, and we added detailed descriptions for the most common errors.
Changes in Parameters for Infobase Users
The InfoBaseUser data type received a new field, UserMatchingKeys, which matches token fields with infobase user fields when authenticating via OpenID Connect and JWT token authentication.
Management of matching keys is available via the 1C:Enterprise language only. The same applies to settings for two-factor authentication.
User = InfoBaseUsers.User("JohnsonJJ");
In this example, the same user is matched by email when authenticated through Gmail and by phone number when using the Okta provider.
This makes authentication as fast as matching by username.
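A conceptual model of per-provider matching keys, written in Python as an added example; it is not 1C:Enterprise code and not the platform's implementation. The key layout, the function names, the sample values and the requirement for a `*_verified` claim are assumptions; `iss`, `email`, `email_verified`, `phone_number` and `phone_number_verified` are standard OpenID Connect claims.

```python
from typing import Optional

# Hypothetical model, not the 1C:Enterprise API. Constructed sample data:
# one infobase user matched by a different claim for each provider (issuer).
MATCHING_KEYS = {
    "JohnsonJJ": [
        ("https://accounts.google.com", "email", "j.johnson@example.com"),
        ("https://example.okta.com", "phone_number", "+15550100"),
    ],
}

# Assumption: these claims are trusted for matching only when the token also
# carries the corresponding "<claim>_verified": true claim.
NEEDS_VERIFIED = {"email", "phone_number"}


def normalize(claim: str, value: str) -> str:
    # Assumption: email addresses are compared case-insensitively.
    value = value.strip()
    return value.casefold() if claim == "email" else value


def build_index(keys: dict) -> dict:
    """Map (issuer, claim, value) -> user name; one key must not name two users."""
    index = {}
    for user, entries in keys.items():
        for issuer, claim, value in entries:
            key = (issuer, claim, normalize(claim, value))
            if index.setdefault(key, user) != user:
                raise ValueError(f"matching key {key} is assigned to two users")
    return index


def match_user(index: dict, claims: dict) -> Optional[str]:
    """Return the user for already-validated token claims, or None.

    Each candidate claim costs one dictionary lookup, the same as a lookup
    by user name. No match, or matches to different users, returns None.
    """
    issuer = claims.get("iss")
    found = set()
    for claim, value in claims.items():
        if not isinstance(value, str):
            continue
        if claim in NEEDS_VERIFIED and claims.get(f"{claim}_verified") is not True:
            continue
        user = index.get((issuer, claim, normalize(claim, value)))
        if user is not None:
            found.add(user)
    return found.pop() if len(found) == 1 else None
```

The issuer is part of every key, so an email address registered for one provider does not match the same address asserted by another provider.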
Automatic Generation of User Passwords
In version 8.3.22, it is possible to automatically generate passwords for infobase users.
The form for setting up a new user in Designer has a Generate Password hyperlink. When it is clicked, the platform generates a password consisting of Latin letters and numbers. Vowels and consonants in this password alternate, and the numbers are placed either at the end or the beginning of the character sequence. Such a password is easy to remember and hard to guess.
If password recovery is configured in the infobase, users can enjoy automatic password generation in the password recovery form.
Password generation is also available in the 1C:Enterprise language through the new data type RandomPasswordGenerator and the method RandomPassword().