Table of Contents

TExternalLoginOptions Class

Controls how an external (upstream) identity is reconciled with a local user when Sphinx acts as an identity broker, and what tokens are kept after a successful external sign-in.

Remarks

These options drive the built-in reconciliation policy that runs when an external sign-in completes. The policy first looks for an existing link (by provider and subject); if none exists it may, when enabled here, link to an existing user matched by e-mail and/or provision a brand new user. An OnExternalSignIn handler, when assigned, can always override the result. All options are conservative (off) by default, so nothing happens automatically unless explicitly enabled.

Syntax

Unit: Sphinx.Options

TExternalLoginOptions = class(TPersistent);

Properties

Name Description
AllowAutoLinkByEmail Allows the built-in policy to link an external identity to an existing local user matched by e-mail address, when no explicit link exists yet.
AllowAutoProvision Allows the built-in policy to create a new local user on the first external sign-in when no existing user can be found or linked.
RequireVerified​Email​ForAuto​Link When auto-linking by e-mail, requires the upstream e-mail to be verified.
SaveTokens Persists the upstream tokens (access, refresh and id token) after a successful external sign-in.