Apps can allow users to authenticate with a third-party platform. This is typically used to make certain features and content only available to a subset of users. This page contains some guidelines for creating a delightful authentication flow.
Guidelines
- Authentication flows must occur in the authentication pop-up window, not within the app's iframe — that is, sign up and login forms should only appear in the pop-up window
- Use the `title` element to set a title on the authentication pop-up window
- Provide clear and actionable error messages
- Prevent users from arriving at dead-ends or becoming stuck in endless loops
- Ensure that the redirect URL appears familiar and friendly — that is, not like a phishing threat
- Provide options for both signing up for and logging in to the platform
- Support non-desktop devices, such as mobile phones and tablets
- Do not auto-subscribe users to marketing content — all marketing material must be opt-in
- If the same user installs the same app under different teams, require them to authenticate separately for each team — do not automatically authenticate the user
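
One way to enforce the per-team rule from the last guideline on the app's backend, as an added example that is not part of the original page or the platform's own code: linked accounts are stored under the (user, team) pair, so a link created in one team is never found from another. `LinkStore`, `userId`, `teamId` and the sample values are hypothetical.

```javascript
// Added example. LinkStore, userId and teamId are hypothetical names,
// not part of any platform SDK.
class LinkStore {
  constructor() {
    this.links = new Map();
  }

  // JSON-encode the pair so ("a:b", "c") and ("a", "b:c") cannot collide,
  // which joining the two ids with a separator character would allow.
  static key(userId, teamId) {
    for (const id of [userId, teamId]) {
      if (typeof id !== "string" || id.length === 0) {
        throw new TypeError("userId and teamId must be non-empty strings");
      }
    }
    return JSON.stringify([userId, teamId]);
  }

  // Call only after the pop-up flow has completed for this user in this team.
  link(userId, teamId, account) {
    this.links.set(LinkStore.key(userId, teamId), account);
  }

  // Returns the account linked for this exact pair, or null.
  // There is deliberately no "find by user alone" fallback.
  lookup(userId, teamId) {
    return this.links.get(LinkStore.key(userId, teamId)) ?? null;
  }

  // Logging out in one team leaves the user's other teams untouched.
  unlink(userId, teamId) {
    return this.links.delete(LinkStore.key(userId, teamId));
  }
}

// Constructed sample: the same user installs the app under two teams.
function demo() {
  const store = new LinkStore();
  store.link("user-1", "team-A", "alice@example.com");
  return {
    teamA: store.lookup("user-1", "team-A"), // linked
    teamB: store.lookup("user-1", "team-B"), // must authenticate again
  };
}
```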
Suggested copy for authentication flows
There can be many scenarios to consider when building an authentication flow. You are free to write your own copy for these flows. Alternatively, to speed up your development, we've provided some suggested copy that you can use.
Scenario | Suggested copy |
---|---|
Password is incorrect | Forgot password? |
No email found | We couldn’t find that account. Try a different email or sign up. |
One or all of the credentials are invalid | We couldn’t find that account. Try logging in a different way or sign up. |
User needs to reset password | For your security, we’ve emailed you a link to reset your password. |
Too many failed login attempts | Too many attempts. Please try again in X minute(s). |
Password reset link expired or used already | Looks like you need a new password reset link. |
User already has an account | Looks like you have an account already! Log in. |
Not all form fields complete | Not quite done yet... |
Incomplete fields | You missed this one |
Passwords don’t match | Those passwords don’t match |
Invalid password – doesn’t meet criteria | Use 8 or more characters with a mix of letters, numbers, and symbols. |