Authentication enhancements

See more

This article is an announcement of a new feature.
It is not recommended that you rely on this article to learn how to use the feature.
The new feature will be described in detail in the documentation for the appropriate version.
For a complete list of changes in the new version, see the v8Update.htm file.

Planned for version 8.3.22

The platform will contain user authentication enhancements.

OpenID Connect authentication enhancements

The platform has been recently provided with OpenID Connect for authentication. With OpenID Connect authentication, you can verify a user through a third-party provider-based authentication. For example, in case of USIA, authorization is executed via gosuslugi.ru or Google.

Based on the results of using OpenID Connect authentication, we've received numerous requests to improve the functionality:

  • When errors occur, it might be difficult to identify the cause as an error message does not contain enough information and the technological log records non-informative error texts.
  • Each OpenID Connect provider has its own fields that can serve as an ID for mapping infobase users and certain provider users. That is why, there is a need to map a user with completely different IDs of different providers. For example: email, a phone number, IIAN, a computer domain name, an account ID, and other. Currently, this capability is not provided.

In version 8.3.22, the use of OpenIDConnect authentication is more convenient.

Improved error display

We've made error texts and information recorded in the technological log more informative and added detailed descriptions for the most frequent errors.

Changed infobase user parameters

We've added new UserMatchingKeys field to the InfoBaseUser data type to map token fields with infobase user fields upon OpenID Connect authentication and JWT token authentication.

Mapping keys will be managed by way of 1C:Enterprise language only. This approach is already applied to two-factor authentication settings.

 

­

User = InfoBaseUsers.FindByName("JackS");

­

User.UserMatchingKeys.Insert("google", "smith@gmail.com");

­

User.UserMatchingKeys.Insert("gosuslugi","123-456-789-10");

­

User.UserMatchingKeys.Insert("okta", "81234567890");

­

In this example, the same user is mapped with an email upon Gmail authentication, or with IIAN upon Gosuslugi authentication, or with a phone number upon Okta provider authentication.

In this case, authentication is as fast as when mapping a user name.

Introduced automatic password generation

We've provided version 8.3.22 with automatic infobase user password generation.

We've added the Generate password hyperlink in a form to set up a new user in Designer. You can click this hyperlink to generate a new password containing only Latin letters and digits. In this password, vowels and consonants alternate and digits are placed at the beginning or at the end. Such password is quite easy to remember and difficult to pick. 

 

If password recovery is configured in the infobase, the password recovery form will also provide a user with automatic password generation.

 

Password generation will be available from 1C:Enterprise language using new RandomPasswordGenerator data type with the RandomPassword() method.