Allow styling SSO login buttons #12121
Replies: 2 comments 3 replies
-
The buttons on the login page are configured through the env variables, so there's no requirement to use any specific logo or name.
Can you link to the spec where this is outlined? |
Beta Was this translation helpful? Give feedback.
3 replies
-
This thread is not feeling constructive any more, so I'm locking it for now. ☮️ |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Google wants to be rainbow: https://developers.google.com/identity/branding-guidelines
Twitch wants to be purple: https://developers.google.com/identity/branding-guidelines
Facebook wants you to "continue with Facebook"
Twitter want to "sign in with Twitter"
You get the point. The monochrome treatment is only okay with Discord (since gray is a brand color) AFAIK.
There is another legal/security issue of the logos not leading directly to the third party.
There is a click on a branded logo (that doesn't meet any brand standards) to a url on the directus site /auth/login/twitch before the outbound call.
This violates the OAuth2 standard, which was partly built around brand & legal/copy enforcement of providers, and brand guidelines of many providers... but also around user safety/security.
The user should be able to hover the icon and see they're going to Twitch, when they click on the Twitch icon. Only a "real user click" should trigger the outbound request.
And for example, since Twitch has so many bad/beginner marketing partners, their rules are quite strict. Clicking a link with their logo which leads to your site and url with their name in it, is an implication of partnership in their eyes, even if that page redirects to their site.
To Reproduce
Implement one or many OAuth2 or OpenID solutions
Errors Shown
Monochrome icons are shown violating Third Party brand/logo requirements like Google & Twitch (s).
"Real user clicks" from brand icons do not link directly to the Third Party. The brands allow us to use their logos, when shown in full color and directly linked.
The solution seems two part:
Beta Was this translation helpful? Give feedback.
All reactions