authentik icon indicating copy to clipboard operation
authentik copied to clipboard

Published 20 hours ago verified publisher icon goauthentik

"Stay logged in" feature

Open rperpe opened this issue 2 years ago • 3 comments

Is your feature request related to a problem? Please describe. On some trusted devices I'd like to (optionally) remain logged in and don't want to to reenter credentials every few hours/days/whatever is configured in authentik.

Describe the solution you'd like When logging in I'd like to be able to enable some "stay logged in" checkbox which extends session time by a (admin-configurable) time amount.

Describe alternatives you've considered Probably this is feasible already with flows/stages with available features? To be honest I don't like the multi-step behaviour of default login flow much and don't want to add a (in my case) fourth step.

Additional context N/A

rperpe avatar Jan 01 '22 16:01 rperpe

Any progress on this? It's even more annoying with multiple devices. Have to relogin on all of them multiple times a day.

kanersps avatar Aug 31 '22 12:08 kanersps

The simplest implementation of this would be

  • adding an option in the identification stage to show a remember me option
  • add a field for a separate session timeout in the user_login stage that is applied when remember me is checked

However I'm interested if people are imagining something else with this as well, something like remembering the username/email longer than the actual session is, so that after the session expires a user has to re-authenticate but not re-identify

BeryJu avatar Aug 31 '22 19:08 BeryJu

What I think the most "requested" thing will be (and probably the easiest to implement at first) is just a "remember me" checkbox and make it last like 30 days or so. And if a person auto logs in within those 30 days (as in no need to put in your details again as you checked "remember me") it will reset and take 30 days from that point again before you're logged out.

kanersps avatar Sep 02 '22 16:09 kanersps

I would definitely like to see a stay logged in box upon login.

royaldunlin avatar Dec 16 '22 11:12 royaldunlin

Maybe it's also suitable to add the ability to use variables as session duration in combination with a custom prompt stage?

oeiber avatar Dec 22 '22 09:12 oeiber

I'd love to see this option implemented as well. Ideally with the 'remember me' checkbox availability configurable per flow. And as mentioned by @BeryJu use a session timeout for 'remembered' sessions to prevent stale logins remaining active. I.e. Stay logged in as long as the session is actively used with a timeout of some number of days.

RoboMagus avatar Feb 08 '23 11:02 RoboMagus

Is there any way to implement this ourselves with the flows right now?

christiaangoossens avatar Feb 26 '23 19:02 christiaangoossens

Yes, change login duration on default-authentication-login stage

linedpaper avatar Feb 28 '23 19:02 linedpaper

Yes, change login duration on default-authentication-login stage

Amazing, thanks!

christiaangoossens avatar Feb 28 '23 19:02 christiaangoossens

While it wouldn't be optimal in my opinion, Microsoft does it, so it does at least have precedence in the industry: Add a prompt stage before your login stage with a "remember me" checkbox. Then add another login stage with a longer timeout, add a policy to each that checks the value of the checkbox, and negate the policy on the shorter timeout login stage.

I feel like this wasn't possible to do when the issue was started so there was more reason to open this back then, but now that there is a way to do it with policies, I don't know that there is much of a reason anymore to for example implement this in the identification stage, though it would be more slick. You could always use a username prompt field instead if you do not use any of the other features of the identification stage like multiple sources.

sevmonster avatar Mar 03 '23 15:03 sevmonster