Manage Login
Explore commands to manage Login Configurations to integrate Affinidi Login into your application. Use User Groups to manage user’s authorisation into your application as part of the access token.
Note
You can only create up to 10 Configurations per Project. If you wish to create more than 10 Configurations, you must create a new Project.Command References
affinidi login
Use these commands for user login configuration and group management
affinidi login add-user-to-group
Adds a user to a user group
USAGE
affinidi login add-user-to-group [--json] [--no-color] [--no-input] [--group-name [value]] [--user-id [value]]
FLAGS
--group-name=[value]
Name of the user group
--user-id=[value]
Id of the user. Currently the user’s DID is supported.
GLOBAL FLAGS
--json
Format output as json.
--no-color
Disables color in the output. If you have trouble distinguishing colors, consider using this flag.
--no-input
Disables all the interactive prompts
EXAMPLES
affinidi login add-user-to-group --group-name my_group --user-id did:key:12345
affinidi login create-config
Creates a login configuration in your active project
USAGE
affinidi login create-config [--json] [--no-color] [--no-input] [-f [value] | -n [value] | -u [value] | --token-endpoint-auth-method client_secret_basic|client_secret_post|none | --claim-format array|map | --client-name [value] | --client-origin [value] | --client-logo [value]]
FLAGS
-f, --file=[value]
Location of a json file containing login configuration data
-n, --name=[value]
Name of the login configuration
-u, --redirect-uris=[value]
OAuth 2.0 redirect URIs, separated by space
--claim-format=[option]
ID token claims output format. Defaults to array [options: array|map]
--client-logo=[value]
URL of a logo for the client, displayed in the consent page
--client-name=[value]
Name of the client, displayed in the consent page
--client-origin=[value]
Origin of the client, displayed in the consent page
--token-endpoint-auth-method=[option]
Client authentication method for the token endpoint. Defaults to client_secret_post [options: client_secret_basic|client_secret_post|none]
GLOBAL FLAGS
--json
Format output as json.
--no-color
Disables color in the output. If you have trouble distinguishing colors, consider using this flag.
--no-input
Disables all the interactive prompts
EXAMPLES
affinidi login create-config
affinidi login create-config -f loginConfig.json
affinidi login create-config -n MyLoginConfig -u http://localhost:8080/callback
affinidi login create-config --name "My Login Config" --redirect-uris "https://my-fancy-project.eu.auth0.com/login/callback http://localhost:8080/callback" --token-endpoint-auth-method client_secret_post --claim-format array --client-name "My App Name" --client-origin http://localhost:8080 --client-logo http://localhost:8080/logo
FLAG DESCRIPTIONS
–token-endpoint-auth-method=client_secret_basic|client_secret_post|none Client authentication method for the token endpoint. Defaults to client_secret_post The options are: client_secret_post: (default) Send client_id and client_secret as application/x-www-form-urlencoded in the HTTP body client_secret_basic: Send client_id and client_secret as application/x-www-form-urlencoded encoded in the HTTP Authorization header none: For public clients (native/mobile apps) which can not have a secret
affinidi login create-group
Create a user group in your active project
USAGE
affinidi login create-group [--json] [--no-color] [--no-input] [-n [value]]
FLAGS
-n, --name=[value]
Name of the user group, that follows url-friendly pattern ^[a-z_]+$
GLOBAL FLAGS
--json
Format output as json.
--no-color
Disables color in the output. If you have trouble distinguishing colors, consider using this flag.
--no-input
Disables all the interactive prompts
EXAMPLES
affinidi login create-group -n my_new_group
affinidi login create-group --name my_new_group
affinidi login delete-config
Deletes a login configuration from your active project
USAGE
affinidi login delete-config [--json] [--no-color] [--no-input] [-i [value]]
FLAGS
-i, --id=[value]
ID of the login configuration
GLOBAL FLAGS
--json
Format output as json.
--no-color
Disables color in the output. If you have trouble distinguishing colors, consider using this flag.
--no-input
Disables all the interactive prompts
EXAMPLES
affinidi login delete-config -i [value]
affinidi login delete-config --id [value]
affinidi login delete-group
Deletes a user group from your active project
USAGE
affinidi login delete-group [--json] [--no-color] [--no-input] [-n [value]]
FLAGS
-n, --name=[value]
Name of the user group
GLOBAL FLAGS
--json
Format output as json.
--no-color
Disables color in the output. If you have trouble distinguishing colors, consider using this flag.
--no-input
Disables all the interactive prompts
EXAMPLES
affinidi login delete-group -n my_group
affinidi login delete-group --name my_group
affinidi login export-configs
Export selected login configurations of your active project
USAGE
affinidi login export-configs [--json] [--no-color] [--no-input] [-i [value]] [-p [value]]
FLAGS
-i, --ids=[value]
IDs of the login configurations to export, separated by space
-p, --path=[value]
Relative or absolute path where configurations should be exported
GLOBAL FLAGS
--json
Format output as json.
--no-color
Disables color in the output. If you have trouble distinguishing colors, consider using this flag.
--no-input
Disables all the interactive prompts
EXAMPLES
affinidi login export-configs
affinidi login export-configs --ids "configurationId1 configurationId2" --path "../my-configs.json"
affinidi login export-groups
Export selected user groups with its users
USAGE
affinidi login export-groups [--json] [--no-color] [--no-input] [-n [value]] [-p [value]]
FLAGS
-n, --names=[value]
Group names to export, separated by space
-p, --path=[value]
Relative or absolute path where user groups should be exported
GLOBAL FLAGS
--json
Format output as json.
--no-color
Disables color in the output. If you have trouble distinguishing colors, consider using this flag.
--no-input
Disables all the interactive prompts
EXAMPLES
affinidi login export-groups
affinidi login export-groups --names "groupName1 groupName2" --path "../my-user-groups.json"
affinidi login get-config
Gets the details of a login configuration in your active project
USAGE
affinidi login get-config [--json] [--no-color] [--no-input] [-i [value]]
FLAGS
-i, --id=[value]
ID of the login configuration
GLOBAL FLAGS
--json
Format output as json.
--no-color
Disables color in the output. If you have trouble distinguishing colors, consider using this flag.
--no-input
Disables all the interactive prompts
EXAMPLES
affinidi login get-config -i [value]
affinidi login get-config --id [value]
affinidi login get-group
Gets the details of a user group
USAGE
affinidi login get-group [--json] [--no-color] [--no-input] [-n [value]]
FLAGS
-n, --name=[value]
Name of the user group
GLOBAL FLAGS
--json
Format output as json.
--no-color
Disables color in the output. If you have trouble distinguishing colors, consider using this flag.
--no-input
Disables all the interactive prompts
EXAMPLES
affinidi login get-group -n my_group
affinidi login get-group --name my_group
affinidi login import-configs
Import login configurations in your active project
USAGE
affinidi login import-configs [--json] [--no-color] [--no-input] [-p [value]]
FLAGS
-p, --path=[value]
Path to file with configurations that should be imported
GLOBAL FLAGS
--json
Format output as json.
--no-color
Disables color in the output. If you have trouble distinguishing colors, consider using this flag.
--no-input
Disables all the interactive prompts
EXAMPLES
affinidi login import-configs
affinidi login import-configs --path "../my-configs.json"
affinidi login import-groups
Import groups with its users
USAGE
affinidi login import-groups [--json] [--no-color] [--no-input] [-p [value]]
FLAGS
-p, --path=[value]
Path to file with groups that should be imported
GLOBAL FLAGS
--json
Format output as json.
--no-color
Disables color in the output. If you have trouble distinguishing colors, consider using this flag.
--no-input
Disables all the interactive prompts
EXAMPLES
affinidi login import-groups
affinidi login import-groups --path "../my-groups.json"
affinidi login list-configs
Lists login configurations in your active project
USAGE
affinidi login list-configs [--json] [--no-color] [--no-input]
GLOBAL FLAGS
--json
Format output as json.
--no-color
Disables color in the output. If you have trouble distinguishing colors, consider using this flag.
--no-input
Disables all the interactive prompts
EXAMPLES
affinidi login list-configs
affinidi login list-groups
Lists user groups in your active project
USAGE
affinidi login list-groups [--json] [--no-color] [--no-input]
GLOBAL FLAGS
--json
Format output as json.
--no-color
Disables color in the output. If you have trouble distinguishing colors, consider using this flag.
--no-input
Disables all the interactive prompts
EXAMPLES
affinidi login list-groups
affinidi login list-users-in-group
Use this command to list users in the user group
USAGE
affinidi login list-users-in-group [--json] [--no-color] [--no-input] [--group-name [value]] [--page-size [value]] [--starting-token [value]]
FLAGS
--group-name=[value]
Name of the user group
--page-size=[value]
The total number of items to return in the command’s output
--starting-token=[value]
A token to specify where to start paginating
GLOBAL FLAGS
--json
Format output as json.
--no-color
Disables color in the output. If you have trouble distinguishing colors, consider using this flag.
--no-input
Disables all the interactive prompts
EXAMPLES
affinidi login list-users-in-group --group-name my_group
affinidi login remove-user-from-group
Removes a user from a user group
USAGE
affinidi login remove-user-from-group [--json] [--no-color] [--no-input] [--group-name [value]] [--user-id [value]]
FLAGS
--group-name=[value]
Name of the user group
--user-id=[value]
ID of the user
GLOBAL FLAGS
--json
Format output as json.
--no-color
Disables color in the output. If you have trouble distinguishing colors, consider using this flag.
--no-input
Disables all the interactive prompts
EXAMPLES
affinidi login remove-user-from-group --group-name my_group --user-id did:key:12345
affinidi login update-config
Updates a login configuration
USAGE
affinidi login update-config [--json] [--no-color] [--no-input] [-i [value]] [-f [value] | -n [value] | -u [value] | --token-endpoint-auth-method client_secret_basic|client_secret_post|none | --client-name [value] | --client-origin [value] | --client-logo [value]]
FLAGS
-f, --file=[value]
Location of a json file containing login configuration data
-i, --id=[value]
ID of the login configuration
-n, --name=[value]
Name of the login configuration
-u, --redirect-uris=[value]
OAuth 2.0 redirect URIs, separated by space
--client-logo=[value]
URL of a logo for the client, displayed in the consent page
--client-name=[value]
Name of the client, displayed in the consent page
--client-origin=[value]
Origin of the client, displayed in the consent page
--token-endpoint-auth-method=[option]
Client authentication method for the token endpoint. Defaults to client_secret_post [options: client_secret_basic|client_secret_post|none]
GLOBAL FLAGS
--json
Format output as json.
--no-color
Disables color in the output. If you have trouble distinguishing colors, consider using this flag.
--no-input
Disables all the interactive prompts
EXAMPLES
affinidi login update-config --id [value] -f loginConfig.json
affinidi login update-config --id [value] -u http://localhost:8080/callback
affinidi login update-config --id [value] --name "My Login Config" --redirect-uris "https://my-fancy-project.eu.auth0.com/login/callback http://localhost:8080/callback" --token-endpoint-auth-method client_secret_post --client-name "My App Name" --client-origin http://localhost:8080 --client-logo http://localhost:8080/logo
FLAG DESCRIPTIONS
–token-endpoint-auth-method=client_secret_basic|client_secret_post|none Client authentication method for the token endpoint. Defaults to client_secret_post The options are: client_secret_post: (default) Send client_id and client_secret as application/x-www-form-urlencoded in the HTTP body client_secret_basic: Send client_id and client_secret as application/x-www-form-urlencoded encoded in the HTTP Authorization header none: For public clients (native/mobile apps) which can not have a secret
Export and Import Using Affinidi Portal
Affinidi CLI and Affinidi Portal allows you to export your Login Configurations and User Groups created under a particular project. Using the exported JSON file, you can import them to your selected project. To do this, follow the steps below:
Export Login Configurations and User Groups
Go to Affinidi Portal and log in to the Affinidi Portal using your Affinidi Vault.
Go to Affinidi Login service and click on dropdown button called Actions. Make sure that you have selected the project where you want to export the Login Configurations and User Groups.
Click on Export login configurations to export your Login Configuration created under the current project. Additionally, you can export also the User Groups by clicking on the Export groups button.
Import Login Configurations and User Groups
Go to Affinidi Portal and log in to the Affinidi Portal using your Affinidi Vault.
Go to Affinidi Login service and click on dropdown button called Actions. Make sure that you have selected the project where you want to import the Login Configurations and User Groups.
Click on Import login configurations to import your Login Configuration created under the current project. Click on Import groups if you want to import the User Groups to the same project.
Export and Import Using Affinidi CLI
Export and Import functionality is also available using Affinidi CLI. Follow the steps below on how to do this.
Export Login Configurations and User Groups
- You must log in to the Project where you want to export your Login Configurations.
affinidi start
or if you are already logged in and want to switch to another project, use the following command:
affinidi project select-project --project-id <PROJECT_ID>
- Once you log in to the Project, run the following command to export Login Configuration.
affinidi login export-configs --path ~/Downloads/login_configs_backup.json
It will prompt you which Login Configurations you want to export. You can select each Login Configuration using <space>
or click <a>
to select all. Optionally, you can set the parameter -i
, --ids
to list all the Login Configurations IDs to export separated by <space>
.
- Once you have selected the Login Configurations to export, it will generate the export file based on the path provided in the command with the list of Login Configurations.
{
"data": {
"configurations": [
{
"name": "NextJS Basic",
"redirectUris": [
"http://localhost:3000/api/auth/callback/affinidi"
],
"presentationDefinition": {
...
},
"idTokenMapping": [
...
],
"clientMetadata": {
,,,
},
"tokenEndpointAuthMethod": "client_secret_post"
}
]
}
}
Note
Export functionality does not export client credentials like Client ID, Client Secret, and Issuer since they are regenerated once you import your backup file.- To export the User Groups from the current Project, run the following command.
affinidi login export-groups --path ~/Downloads/user_groups_backup.json
It will prompt you which User Groups you want to export. You can select each User Group using <space>
or click <a>
to select all. Optionally, you can set the parameter -i
, --ids
to list all the User Groups IDs to export separated by <space>
.
- Once you have selected the User Groups to export, it will generate the export file based on the path provided in the command with the list of User Groups.
{
"data": {
"groups": [
{
"groupName": "all_users",
"users": [
"did:key...
]
}
]
}
}
Import Login Configurations and User Groups
To import Login Configuration from a backup file, follow the steps below:
- You must log in to the Project where you want to export your Login Configurations.
affinidi start
or if you are already logged in and want to switch to another project, use the following command:
affinidi project select-project --project-id <PROJECT_ID>
- Once you log in to the Project, run the following command to import Login Configuration.
affinidi login import-configs --path ~/Downloads/login_configs_backup.json
- Once you import the Login Configurations from your backup file, it will regenerate all the Login Configurations, including client credentials and list them on the screen.
Importing login configurations... Imported successfully!
› Warning: Please save the clientSecret somewhere safe. You will not be able to view it again.
{
"configurations": [
{
"ari": "ari:identity:ap-southeast-1:khyg8765-a0b7-89t7-881e-95cd8688a78f:login_configuration/p098u7yg-0i8j-44b5-8b69-ff4273adc8bc",
"projectId": "khyg8765-a0b7-89t7-881e-95cd8688a78f",
"configurationId": "p098u7yg-0i8j-44b5-8b69-ff4273adc8bc",
"name": "NextJS Basic",
"auth": {
"clientId": "<CLIENT_ID>",
"clientSecret": "<CLIENT_SECRET",
"issuer": "<ISSUER>"
},
"redirectUris": [
"http://localhost:3000/api/auth/callback/affinidi"
],
"clientMetadata": {
"name": "NextJS Basic",
"origin": "http://localhost:3000",
"logo": "https://login.affinidi.com/default-client-logo.svg"
},
"creationDate": "2023-11-21T02:11:41Z",
"tokenEndpointAuthMethod": "client_secret_post"
}
]
}
Note
Please reconfigure your applications with the newly created Client ID, Client Secret, and Issuer to prevent interruption to your end-users.- To import the User Groups from the backup file to the current Project.
affinidi login import-configs --path ~/Downloads/login_configs_backup.json
- Once you have imported the User Groups, it will create the user groups, including the DIDs of the users.
Importing groups... Imported successfully!
{
"groups": [
{
"ari": "ari:identity:ap-southeast-1:khyg8765-a0b7-89t7-881e-95cd8688a78f:group/user_sample",
"groupName": "user_sample",
"projectId": "khyg8765-a0b7-89t7-881e-95cd8688a78f",
"creationDate": "2023-11-21T02:21:19.731Z"
}
]
}
Note
The service will throw an HTTP Error 409 if the user groups you are trying to import already exist in the Project.Glad to hear it! Please tell us how we can improve more.
Sorry to hear that. Please tell us how we can improve.
Thank you for sharing your feedback so we can improve your experience.