TExternalLoginOptions Class
Controls how an external (upstream) identity is reconciled with a local user when Sphinx acts as an identity broker, and what tokens are kept after a successful external sign-in.
Remarks
These options drive the built-in reconciliation policy that runs when an external sign-in completes.
The policy first looks for an existing link (by provider and subject); if none exists it may, when enabled here, link to an existing user matched by e-mail and/or provision a brand new user. An OnExternalSignIn handler, when assigned, can always override the result. All options are conservative (off) by default, so nothing happens automatically unless explicitly enabled.
Syntax
Unit: Sphinx.Options
TExternalLoginOptions = class(TPersistent);
Properties
| Name | Description |
|---|---|
| AllowAutoLinkByEmail | Allows the built-in policy to link an external identity to an existing local user matched by e-mail address, when no explicit link exists yet. |
| AllowAutoProvision | Allows the built-in policy to create a new local user on the first external sign-in when no existing user can be found or linked. |
| RequireVerifiedEmailForAutoLink | When auto-linking by e-mail, requires the upstream e-mail to be verified. |
| SaveTokens | Persists the upstream tokens (access, refresh and id token) after a successful external sign-in. |