Saltcorn 0.3.1: login with external identity providers

By Tom Nielsen
Published on 

Saltcorn 0.3.1 contains the following enhancements and bug fixes:

  • External id providers: plug-ins can now provide authentication methods from external identity providers. Existing plug-ins include: Twitter, Google, GitHub, generic OAuth 2.0 and LDAP. Options for any installed identity providers will be shown on the login screen underneath the standard password login prompt. If you login using an external identity provider, a new user account will be created in the Saltcorn instance. Two factor authentication is not yet supported, but it will be in a future release such that plug-ins can provide two factor authentication methods. 
  • Accessibility: it is now possible to create a page with images and forms that fully pass WCAG 2.0 guidelines. Going through this however, I was struck by how many of the Bootstrap themes do not meet accessibility standards for minimal contrasts - you have to choose your theme carefully for this to pass. I can't wait for the modern fashion for low contrast grey on grey text to die. It has probably already started.
  • Breakpoint: you can now set the screen width at which columns created in the drag-and-drop builder breaks into a single column.
  • Send email action: there is now an action to send emails. The email recipient address can be fixed, or come from a database field or a user in the instance. The body of the email is a view applied to a row in the database. The translation from views intended for
  • the browser to email is not perfect, so experiment with some of the options.
  • Embedded views can be of related rows. When embedding views inside show views, you can now choose views of a parent relation (a row referred to by a key in the current row) or child relations (all the rows that refer to the current views with a key). This reduces the dependency on the inflexible and complex ListShowList view template.
  • Render view on page. You can now specify a page that views will be rendered on by default. This helps in particular when you want to decorate views that are navigated to either at the end of a form submission or from a view link.
  • Small usability enhancements for the administrator/site builder. In particular, a bit more explanation about different view templates.
  • Security: some XSS bugs were fixed, we now get a clean bill of health from OWASP Zap again.

The next release will continue to focus on small usability improvements. We may also add two-factor authentication.



Recent posts