Disable username/password authentication. Help needed

Hello,

I’ve been trying to disable the username/password authentication method but I just can’t seem to do it. I’ve created a theme that removes the forms in the frontend but I guess people can just use something like “Postman” to authenticate in the backend (Although I haven’t been able to do this for some reason).

I’ve tried:

  1. Removing the forms in the authentication flows. This automatically gives me an error page.
  2. Denying access after the form. This also automatically gives me an error page without even submitting data.
  3. Redirecting to the Login page if an error page appears. This just put me in an infinite loop.
  4. Using just the username form and then password form. This has the disadvantage of revealing existing users.

Solutions im thinking of:

  1. Program custom step.
  2. Customize the error page and put the other identity providers there (not sure if it would work).

Any help would be appreciated on how to do this !

It depends on things you did not mention.

  • Which login methods do you support

One option is to create a new form (in a custom theme) without the password /username option and only allow federated login. Then you should create a new flow without usernam/password actions.

For now we support username/password and by using a government identity provider.
As I said in my previous post, I did create a custom theme and removed the username/password form. The problem here is that people can just use “Postman” to send a form anyway and authenticate. Removing the forms in a new authentication flow automatically gives me an error page in the frontend saying “Incorrect username/password” and I can’t bypass it.

Did you also assign this flow as browser flow for the client in question?

Yes, I did.

Extra chars to be able to post