
Troubleshooting

Standard Login

Q: Can we increase the custom fields limit above 15?

A: Yes. To have the limit increased, contact LoginRadius Support.

Q: How to create a custom field?

A: Custom fields provide a simple key-value storage option that extends the LoginRadius Normalized user profile. Each value must be a flat field (objects and arrays are not supported) and is limited to 1000 characters. To add a custom field to your Registration interface, follow the steps below in the Admin Console:

  1. Log in to your LoginRadius Admin Console

  2. Navigate to Platform Configuration > Authentication Configuration > Standard Login > Data Schema

  3. On the right-hand side click on "Custom Fields"

  4. Click "Add Custom field", enter the Field Name, and click "Add"

  5. Once the field is added you can include it on your registration form by simply clicking on the field name.

Q: Can we add extra array variables like address.address[1].Sure_name?

A: No, you can't add extra variables like address.address[1].Sure_name. Instead, you can use the existing fields like address1 or address2, for example, address.address[1].address1="sample address|sure_name" with pipe-separated values.

Q: If a user is disconnected during registration before the mandatory fields are verified, how can we force the user to verify those credentials?

A: In this case, users need to verify essential credentials, such as email or phone ID, based on the selected workflow. For instance, if a specific workflow is chosen and the user disconnects during registration, they will be prompted to confirm mandatory fields like email or phone ID during their initial login.

Social Login

Q: How do I retrieve the provider access token?

A: With the extended profile data set, which you can view on the LoginRadius datapoints page, you can retrieve the access token that is generated by the social provider. The provider-generated access token is available through the data point "Provider Access Credential". You can use this token in direct API requests to the specific social provider's APIs. You may need to reach out to the LoginRadius Support Team if the API you are accessing requires additional scopes to be included in the request.

Q: What is the token lifetime for Facebook, Google, Twitter and LinkedIn?

A: Facebook: By default, the lifetime for the Facebook API token is 2 hours.

Google: The Google API token never expires, though it may stop working for one of the following reasons:

  1. The user has revoked access.
  2. The token has not been used for six months.
  3. The user account has exceeded a certain number of token requests (15 to 20 per user account).

Twitter: The Twitter API token never expires unless someone rejects your app in their account settings.

LinkedIn: By default, the lifetime for the LinkedIn API token is 60 days.

Q: How do I create an app for AOL, Hyves, LiveJournal, Mixi, OpenID Connect, Orange, Persona, Stack Exchange, Steam Community, Verisign, and Virgilio?

A: These ID providers are using OpenID standards and do not require setup and configuration of an app before using them with your LoginRadius Account.

Q: How do I resolve the "Invalid Scopes" error when logging in with Facebook?

A: On login with Facebook, an "Invalid Scopes" error message is sometimes displayed to developer or admin users.

This is caused by the Facebook API v2.0 release, which deprecated certain scopes. LoginRadius has handled all of these changes within our system, so to remove the deprecated scopes from your account, follow the steps below:

  1. Log in to your LoginRadius Admin Console.
  2. Select the site for which you are seeing the error, using the dropdown in the top-right corner of the user account.
  3. Navigate to Platform Configuration -> Authentication Configuration -> Social Login -> Social Data Settings.
  4. Select the Permissions tab and click on the "Save" button, which will save all of the new and correct scopes for this site.
  5. If you continue to have difficulties with this, please reach out to the LoginRadius Support team for further assistance.

Q: What do I do if Facebook is not returning all of the requested data or posting status updates is not working?

A: If you have configured your LoginRadius account to request the correct permissions for extended profile data and post messaging (push notifications), and this works for other providers but the correct dataset and posting features do not seem to be available on Facebook, then you have most likely not verified your Facebook app. Facebook mandates an app review and approval process for apps requesting access to extended data points and features like posting messages to a user's wall.

You can refer to the Facebook App Review document for help with submitting your app for review.

Q: Why do I have to set up my own social provider apps? Shouldn't that be handled by LoginRadius?

A: We are often asked why the LoginRadius team does not set up social apps for our customers. This is a fair question, but there are a few good reasons why we are not able to handle this step for you (though we are of course more than happy to support you through the process).

  • First, these apps are branded, so setting up your own app is essential to maintaining control over your brand. When a user goes to register with your site via Facebook, for example, it will not make sense for this user to grant permissions to LoginRadius or accept the LoginRadius Terms & Conditions.

  • Second, as a LoginRadius customer, you still remain the sole owner of your user data - LoginRadius simply manages this data for you. Therefore, because you will utilize your social apps to request the data you are looking to gather from your users, it is you that must manage the app itself.

  • Third, to complement the analytic tools available to you through the LoginRadius Admin Console, social apps offer their own analytics for the users logging in through that app. Creating and maintaining your own app will ensure that you are able to take advantage of these tools.

Phone Login

Q: How to change the phone number saved in the profile?

A: Let's say that the phone number is XXX-XXX-XXX1. If the user wants to change it to XXX-XXX-XXX2, the user needs to update it through the profile editor and then save it. The phone number will get updated.

PIN Authentication

Q: Where can I request to enable this feature?

A: This feature can be enabled by a request through the LoginRadius Support channel.

Q: Can this feature only be configured through APIs?

A: This feature provides APIs that customers can use to make different queries, and a JS approach is also available to enable it.

Passwordless Login

Q: Would it work if the user signed up using social accounts (like Facebook or Google)?

A: Passwordless login also works for users registered with social providers. The first time, they need to log in with the social provider; on subsequent logins they only need to enter their email ID to get the one-click sign-in link.

Q: What if a user is using multiple devices?

A: If authentication links or codes are requested via email, a user can retrieve the link or code on any device with access to their email account. After retrieving the authentication link or code, they can provide the information when attempting to access the app. If a device doesn't have access to the required email account, users can forward the email to an account accessible using that device.

If a user requests an authentication code via SMS message, they can use any device that will receive messages sent to the phone number associated with their account.

Roles and Permissions

Q: What is a user role? Can you provide some basic user role titles with their permissions?

A: A user role is a set of user permissions specific to a particular job. Roles help to optimize efficiency and reduce the risk of human error by enabling you to delegate responsibilities and permissions to certain users only. For example, you can set roles like:

  • Sales Staff — permissions generally assigned to the person(s) responsible for the sales and/or marketing of your store
  • Sales Manager — permissions generally assigned to the staff member(s) responsible for processing orders
  • System Admin — administrator role with all permissions enabled
  • Store Owner — the person financially responsible for the account; this role has exclusive access to various account-related features.
  • Custom — use this option to create your own combination of permissions. You can also opt to customize one of the other roles.

Q: What is the relationship between a role and permissions?

A: Permissions determine what operations are allowed on a resource. A role is a collection of permissions. You cannot assign permission to the user directly; instead, you grant them a role. When you grant a role to a user, you grant them the permissions that the role contains.

Q: How can I check which role is assigned to a user?

A: You can check the role assigned to a user by visiting the user's profile > Full View > Roles in the customer management section under the Admin Console's profile management tab.

JWT

Q: Key rotation in JWT public/private keys, why is it needed, and how does it improve the security of authentication?

A: In JWT, key rotation serves as a second layer of security. The RSA key pair does not remain static, so in an extreme case where someone steals the private key, the keys will eventually expire even without the intervention of an admin. The Authorization Server handles this by setting a reasonable frequency for key expiration to restrict unauthorized access.

Q: Is any maintenance time needed to reflect the JWT key rotation in the production?

A: A maintenance window is not needed to rotate the JWT key. Rotation replaces the keys immediately, and the new keys are used for new session requests.
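
The two JWT answers above, on why rotation limits a stolen private key and on new keys taking effect immediately, can be seen from the verifier's side in the following added example, which is not LoginRadius code. It assumes tokens carry a `kid` header and that the verifier drops the retired public key as soon as it is replaced; the key ids, claims and function names are constructed for illustration.

```javascript
// Added example: kid-based RS256 verification across a key rotation.
// Key ids ("k1", "k2"), claims and helper names are constructed assumptions.
const nodeCrypto = require('crypto');

const b64u = (v) => Buffer.from(v).toString('base64url');
const newKey = () => nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Authorization-server side: sign a compact JWT with the key named by `kid`.
function signJwt(claims, kid, privateKey) {
  const head = b64u(JSON.stringify({ alg: 'RS256', typ: 'JWT', kid }));
  const body = b64u(JSON.stringify(claims));
  const sig = nodeCrypto.sign('RSA-SHA256', Buffer.from(`${head}.${body}`), privateKey);
  return `${head}.${body}.${sig.toString('base64url')}`;
}

// Relying-party side: `keys` is a Map of kid -> currently published public key.
function verifyJwt(token, keys, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url').toString('utf8'));
    claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
  } catch { return { ok: false, reason: 'malformed' }; }
  // Pin the algorithm; never let the token select "none" or an HMAC variant.
  if (header?.alg !== 'RS256') return { ok: false, reason: 'bad-alg' };
  const pub = keys.get(header.kid);
  if (!pub) return { ok: false, reason: 'unknown-kid' }; // retired or never issued
  const valid = nodeCrypto.verify('RSA-SHA256', Buffer.from(`${parts[0]}.${parts[1]}`),
    pub, Buffer.from(parts[2], 'base64url'));
  if (!valid) return { ok: false, reason: 'bad-signature' };
  if (typeof claims?.exp !== 'number' || claims.exp <= nowSec) return { ok: false, reason: 'expired' };
  return { ok: true, claims };
}

// Constructed scenario: rotate from key "k1" to key "k2".
function rotationDemo() {
  const now = 1700000000;
  const k1 = newKey(), k2 = newKey();
  const oldToken = signJwt({ sub: 'user-1', exp: now + 3600 }, 'k1', k1.privateKey);
  const before = verifyJwt(oldToken, new Map([['k1', k1.publicKey]]), now);
  const published = new Map([['k2', k2.publicKey]]); // rotation replaced k1
  const newToken = signJwt({ sub: 'user-1', exp: now + 3600 }, 'k2', k2.privateKey);
  // A token signed with the retired k1 key but labelled "k2" must also fail.
  const forged = signJwt({ sub: 'admin', exp: now + 3600 }, 'k2', k1.privateKey);
  return { before, oldAfter: verifyJwt(oldToken, published, now),
    newAfter: verifyJwt(newToken, published, now), forged: verifyJwt(forged, published, now) };
}
```

If sessions issued before a rotation must stay valid, the verifier would keep the previous public key in its map until those tokens expire; that trade-off is a deployment choice and is not described on this page.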