Magic Link Requirement in Constellation

Hello Team,

We have a “magic link” requirement for guest users.

A guest user receives an email with a link containing a time-sensitive token. When the user clicks the link, the system must validate the token and then open an assignment link. The anonymous guest user can then complete the assignment and submit it.

The system should automatically log in the guest user using a generic operator or an Anonymous Authentication Service (AAS) when they open the link. However, the Anonymous Authentication Service is not compatible with Constellation, so we are looking for an alternative solution.

Also, using a web embed is not an option because it requires an additional external application, which the customer does not want.

@Kamil Janeczek, @MarcCheong, @PowerJill, @Sreedhar Ganduri, any inputs will help.

Thanks

We have gone through this but no luck

@SSrinivas As mentioned in the article that you referenced, true anonymous access in Constellation is not yet available. So whatever you develop, you need to make sure it is secure.

Do you have Blended UI in place or just a pure Constellation application?

@Kamil Janeczek

Pure Constellation App.

The last option we considered is building a simple application in Cosmos and using AAS with web embed.

However, our preference is to explore a native approach within Constellation.

Any inputs from a native Web Embed component perspective on how authentication and auto-login could help us achieve similar behavior, or any ideal starting point we should look at?

Thanks

@SSrinivas In the linked article, Vinod Seraphin described what you would need to implement using customBearer.

Have you considered having a Theme Cosmos app with one case that will be a child case for your Constellation case? In such a child case you will be able to use the traditional solution for external assignments, DWA. It might be lighter than having a separate app just to host web embed.

@SSrinivas With customBearer you write an auth activity that checks incoming data and decides if authentication shall be successful or not. Take a look at setCustomTokenParamsCB in the docs: Pegasystems Documentation

setCustomTokenParamsCB:

  • Allows specifying a callback function that will get invoked just prior to every “custom-bearer” token endpoint invocation

  • If set, can return a JavaScript object with properties and values that will map to customparam names and values

Hope it helps.

I don’t have an example for web embed but I did something similar for SDKs: Custom authentication and security considerations | Support Center

Take this as an example and not a production-ready copy-paste solution. Make sure you know what you are doing, as you risk security issues if it is not implemented properly.
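
As an added illustration (not posted by anyone in this thread, and not Pega code): the checks a time-sensitive magic-link token needs before an auth activity accepts it, written in Node.js, plus a function returning an object of the shape the callback above is described as returning. The token layout, the `t` query parameter, the `magicToken` parameter name and all function names are assumptions made for this example.

```javascript
const crypto = require('node:crypto');

// Constructed demo key; a real key lives server-side only, never in the browser.
const SECRET = crypto.randomBytes(32);
const usedTokenIds = new Set(); // stand-in for a persistent single-use store

const sign = (body) =>
  crypto.createHmac('sha256', SECRET).update(body).digest('base64url');

// Issue a token bound to one assignment, valid for ttlSeconds.
function issueToken(assignmentId, ttlSeconds, nowMs = Date.now()) {
  const claims = { jti: crypto.randomUUID(), sub: assignmentId,
                   exp: Math.floor(nowMs / 1000) + ttlSeconds };
  const body = Buffer.from(JSON.stringify(claims)).toString('base64url');
  return `${body}.${sign(body)}`;
}

// Server-side check: returns { ok: true, assignmentId } or { ok: false, reason }.
function validateToken(token, nowMs = Date.now()) {
  const [body, sig, ...rest] = String(token).split('.');
  if (!body || !sig || rest.length) return { ok: false, reason: 'malformed' };
  const expected = Buffer.from(sign(body));
  const given = Buffer.from(sig);
  // timingSafeEqual throws on unequal lengths, so check length first.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad-signature' };
  }
  // Parsed only after the signature verified, so the body is our own JSON.
  const claims = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
  if (nowMs / 1000 >= claims.exp) return { ok: false, reason: 'expired' };
  if (usedTokenIds.has(claims.jti)) return { ok: false, reason: 'replayed' };
  usedTokenIds.add(claims.jti); // burn the token on first successful use
  return { ok: true, assignmentId: claims.sub };
}

// Client side: read the token from the link and hand it over as a custom
// parameter. 't' and 'magicToken' are hypothetical names for this example.
function magicLinkTokenParams(href) {
  const token = new URL(href).searchParams.get('t');
  return token ? { magicToken: token } : {};
}
```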

@Kamil Janeczek @VinodSeraphin

I understand that the customBearer token can be used with Web Embed. If I decide to go with a custom bearer approach to support a magic-link flow, how would I obtain the token in that case?

From what I know, the Web Embed tag typically handles authentication by passing the clientId automatically. However, in my scenario, the guest user would be accessing the application through a unique link.

Also, to answer your next point: yes, we’ve already achieved that part using Theme Cosmos. But the client is looking for something that is native in Constellation instead of maintaining another application.

Looking forward to your inputs.