Custom Authentication Status
When writing custom authentication scheme I noticed that invalid logins weren't showing up properly in the apex logs (apex_workspace_access_log).
Here's how to re-create the problem along with the fix.
First let's create a custom authentication function:
CREATE OR REPLACE FUNCTION blog_cust_auth ( p_username IN VARCHAR2, p_password IN VARCHAR2 ) RETURN BOOLEAN AS BEGIN IF LOWER (p_username) = 'pass' AND LOWER (p_password) = '123' THEN RETURN TRUE; ELSE RETURN FALSE; END IF; END;Let's set the APEX authentication scheme to use this custom function:
Shared Components / Authentication Schemes:
- Create
- From Scratch
- Name: BLOG_TEST
Keep hitting "Next" until:
- Credentials Verification Method:
- return blog_cust_auth
- Keep hitting "Next" until the end
- Credentials Verification Method:
Change the current authentication scheme to BLOG_TEST
- On the Authentication Schemes page, on the right hand side select "Change Current" and select "BLOG_TEST'
Let's create a region to always display the authentication statuses:
- Create Page
- Page Zero
- On Page 0 Create a region
- Report
SELECT user_name, authentication_method, access_date, authentication_result, custom_status_text FROM apex_workspace_access_log WHERE application_id = :APP_ID ORDER BY access_date DESC
Now let's try to log in using a valid username and password:
- Report
- username: pass, password: 123
If things worked well you're now on P1, and the "AUTHENITCATION_RESULT" is flagged as "AUTH_SUCCESS"
Now logout and try to login with invalid credentials
- username: pass, password: fail
You'll notice that the login failed, however it still logged it as a successful login attempt:
Let's update our authentication function to use the 2 authentication result customizations: apex_util.set_authentication_result and apex_util.set_custom_auth_status
CREATE OR REPLACE FUNCTION blog_cust_auth ( p_username IN VARCHAR2, p_password IN VARCHAR2 ) RETURN BOOLEAN AS BEGIN IF LOWER (p_username) = 'pass' AND LOWER (p_password) = '123' THEN RETURN TRUE; ELSE -- Set APEX authentication Codes apex_util.set_authentication_result (p_code => 3); -- Set our own APEX custom text apex_util.set_custom_auth_status (p_status => 'Bad Username'); RETURN FALSE; END IF; END;Let's now see what happens when we now login with invalid credentials:
Notice that we now have proper error information in the logs? Here's a list of some codes you can use for apex_util.set_authentication_result, taken from the view apex_workspace_access_log:
0, 'AUTH_SUCCESS', 1, 'AUTH_UNKNOWN_USER', 2, 'AUTH_ACCOUNT_LOCKED', 3, 'AUTH_ACCOUNT_EXPIRED', 4, 'AUTH_PASSWORD_INCORRECT', 5, 'AUTH_PASSWORD_FIRST_USE', 6, 'AUTH_ATTEMPTS_EXCEEDED', 7, 'AUTH_INTERNAL_ERROR',
Of course you can use your own codes but I'd suggest sticking with these codes to utilize the APEX views. You can supplement the codes with the custom authentication status text (apex_util.set_custom_auth_status)