Docs

Login

Login is a component that contains a log-in form. You can use it to authenticate the user with a username and password.
<LoginForm />

Basic Login Component/Form

The basic Login component consists of a title (Log in), two input fields (Username and Password), and two buttons (Log in and Forgot password).

You can customize the form’s title and labels using internationalization.

The basic Login component can be used to create log-in pages featuring rich content.

Note
Password managers
Login is incompatible with password managers if placed inside another component’s [1] shadow root. This isn’t an issue when using Login’s modal overlay.

Login features its own modal overlay. Use it to create simple log-in pages — which are full-screen on mobile devices — or to handle authentication without a dedicated log-in page. You can also use it to handle re-authentication when the user’s session has expired.

The overlay can be opened programmatically or through user interaction, for example, by using a log-in button.

The overlay has a header and the log-in form. By default, the header contains placeholders for the application’s title and description. Both properties are configurable.

Validation

Login shows an error message when authentication fails. The error message consists of a title and a message. It’s displayed directly below the title of the form.

The error message is customizable using internationalization. It should contain instructions on how to resolve the problem.

More information can also be provided to the user, for example by linking to a page with helpful material or by displaying contact information.

Internationalization (i18n)

Login’s titles, descriptions, labels, and messages are all customizable using internationalization.

Header

The header is only shown for modal log-in forms.

Property Default value

Title

"App name"

Description

"Application description"

Form

Customize the form’s title, input field and button labels.

Property Default value

Title

"Log in"

Username

"Username"

Password

"Password"

Submit

"Log in"

Forgot password

"Forgot password"

Error Message

When authentication fails, the component shows a Login error message. It consists of a title and message.

Property Default value

Title

"Incorrect username or password"

Message

"Check that you have entered the correct username and password and try again."

Additional Information

The component hides this property unless its value is explicitly set.

Property Default value

Additional information

-

Technical

Handling Events

Login Event

You can add a listener to log-in events and/or define an action for which a POST request is fired. From the event, you can prevent the POST request.

The log-in button is disabled when clicked, to prevent multiple submissions. To restore it, call component.setEnabled(true).

Forgotten Password

You can add an event listener, which allows you to offer users instructions for password recovery.

Cross-Site Request Forgery (CSRF) Tokens

If the page contains the following meta tags with a CSRF token, the token is automatically included in a form POST request:

<meta name="_csrf_parameter" content="_csrf">
<meta name="_csrf" content="71dac59f-34ee-4b31-b478-2891cbd0c55d">

This token is submitted as _csrf=71dac59f-34ee-4b31-b478-2891cbd0c55d, that is, using the _csrf_parameter content as the variable name and the _csrf content as the value.

Important
You can find more information in the corresponding article on vaadin.com.

1. When added to a web component that uses shadow root, password managers are unable to find the input fields and thus not work.