fix(docs): Add users object, general fixes.

packages/docs/menus.yaml

@@ -145,6 +145,11 @@
           pageId: protected-pages
           properties:
             title: Protected pages
+        - id: user-object
+          type: MenuLink
+          pageId: user-object
+          properties:
+            title: User object
 
     - id: blocks_input
       type: MenuGroup

packages/docs/pages.yaml

@@ -29,6 +29,7 @@
 - _ref: users/openid-connect.yaml
 - _ref: users/login-and-logout.yaml
 - _ref: users/protected-pages.yaml
+- _ref: users/user-object.yaml
 
 - _ref: blocks/input/AutoComplete.yaml
 - _ref: blocks/input/ButtonSelector.yaml

packages/docs/users/login-and-logout.yaml

@@ -28,7 +28,9 @@ _ref:
 
             ## Login
 
-            The `Login` action requests the OpenID provider's authorization URL from the Lowdefy server. The user is redirected to this URL, which normally hosts a login page. After the user has logged in successfully, the user is redirected to the `auth/openid-callback` route in the Lowdefy app, where the rest of the OpenID authorization code flow is completed.
+            The `Login` action requests the OpenID provider's authorization URL from the Lowdefy server. The user is redirected to this URL, which normally hosts a login page. If the user is already logged in at the provider, the provider might redirect the user back without requiring a password again.
+
+            After the user has logged in successfully, the user is redirected to the `auth/openid-callback` route in the Lowdefy app, where the rest of the OpenID authorization code flow is completed.
 
             The parameters of the Login action specify where the user is redirected after login is complete. If the pageId is not set, the user is redirected to the homepage. The parameters are:
             - `authUrlQueryParams: object`: Query parameters to set for the authorization URL.
@@ -36,6 +38,8 @@ _ref:
             - `input: object`: The input to set for the page the user is redirected to after login.
             - `urlQuery: object`: The urlQuery to set for the page the user is redirected to after login.
 
+            The `Login` action can be used to update the `user` object, for example to update the user profile after it has been edited, or to make sure the user token is still valid before editing or creating a record in a database.
+
             #### Examples
 
             ###### A login page that redirects users in the onEnter event:

packages/docs/users/openid-connect.yaml

@@ -33,7 +33,7 @@ _ref:
             - [Okta](https://www.okta.com)
             - [Ory Hydra](https://www.ory.sh)
             - [Ping Identity](https://www.pingidentity.com)
-            - [Sign In With Google](https://developers.google.com/identity)
+            - [Sign In With Google](https://developers.google.com/identity) (Google Workspace is also supported)
 
             A full list of OpenID Connect providers can be found [here](https://openid.net/developers/certified/).
 
@@ -57,7 +57,7 @@ _ref:
             - `logoutRedirectUri: string`: _Optional_ - The URL to redirect to after logout. See more [here](/login-and-logout).
 
 
-            Details to configure specific OpenID Connect providers are given [here](/openid-example-configurations).
+            Details to configure specific OpenID Connect providers are given [here](/openid-provider-configuration).
 
             # JSON Web Tokens
 

packages/docs/users/user-object.yaml

@@ -0,0 +1,58 @@
+# Copyright 2020-2021 Lowdefy, Inc
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+#     http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+_ref:
+  path: templates/general.yaml.njk
+  vars:
+    pageId: user-object
+    pageTitle: User object
+    section: User Authentication
+    filePath: concepts/user-object.yaml
+    content:
+      - id: introduction
+        type: MarkdownWithCode
+        properties:
+          content: |
+            The `user` object contains all the claims on the OpenID Connect idToken, except for `aud`, `exp`, `iat`, and `iss`.
+
+            The following claims might be included:
+            - `sub`: The user id (Subject).
+            - `email`
+            - `name`
+            - `given_name`
+            - `family_name`
+            - `picture`: A url to the user's profile picture.
+            - `updated_at`
+            - `email_verified`
+
+            The user object can be accessed using the [`_user`](/_user) operator.
+
+            #### Examples
+
+            ###### Use the user profile picture in a Avatar block:
+            ```yaml
+            id: avatar
+            type: Avatar
+            properties:
+              src:
+                _user: picture
+            ````
+
+      - _ref:
+          path: templates/navigation_buttons.yaml
+          vars:
+            previous_page_title: Protected pages
+            previous_page_id: protected-pages
+            next_page_title: Roles
+            next_page_id: roles

packages/docs/users/users-introduction.yaml

@@ -24,7 +24,7 @@ _ref:
         type: Markdown
         properties:
           content: |
-            To add users to a Lowdefy app, you need to do the following:
+            To add user authentication and authorization to a Lowdefy app, you need to do the following:
             - Configure an OpenID Connect provider
             - Configure which pages should be public and protected (only available to logged in users).
             - Add the `Login` and `Logout` actions to your app, to allow users to log in and out.