As of today we introduce a centralized login and Multi-Factor Authentication for Flownative Beach accounts
Over the last few weeks we've been busy with a major rework behind the scenes: we introduced a centralized authentication service for Flownative Beach and future services we are going to offer.
User authentication now happens at id.flownative.com, and consequently we call this service "Flownative ID". With one Flownative ID you will be able to log in to any service at Flownative you have access to.
With the introduction of Flownative ID come new possibilities. You can – and really should – enable Multi-Factor Authentication (MFA) for your Flownative ID. It's really simple: Just sign in to beach.flownative.com and head over to your user profile (click on your avatar in the upper right corner and select "Account"). In the "Security" section you'll find a switch which allows you to enable MFA.
Once MFA is enabled, just log out (click your avatar, then "sign out") and log in again (for example by heading to beach.flownative.com). After entering your email address and password, you'll be asked to set up your second factor for authentication as shown in this dialog:
Currently we support time-based one-time passwords (TOTP), which are compatible with apps like Google Authenticator or 1Password.
Behind the Scenes
The main technology behind our new service is OpenID Connect (OIDC). This is an identity layer (for authentication) based on OAuth2 (which is for authorization).
More concretely, we use a managed OIDC service (Auth0) as the identity provider, while Beach and other services use Flownative's OIDC Plugin for Neos Flow on the client side. As a nice side effect, we can now log in to the Neos instance powering this website using our Flownative ID :-)
PS: the QR code shown in the screenshots is not my actual TOTP secret ;-)