Login Settings
Configure authentication and login settings for your Litekart admin panel and storefront.
Admin Authentication
Login Methods
Litekart supports multiple authentication methods for admin access:
Email & Password (Default)
```json
{
  "auth": {
    "admin": {
      "email_password": {
        "enabled": true
      }
    }
  }
}
```
SMS Authentication
```json
{
  "auth": {
    "admin": {
      "sms": {
        "enabled": true,
        "provider": "twilio",
        "twilio_sid": "your-twilio-sid",
        "twilio_token": "your-twilio-token"
      }
    }
  }
}
```
Social Login
```json
{
  "auth": {
    "admin": {
      "social": {
        "google": {
          "enabled": true,
          "client_id": "your-google-client-id",
          "client_secret": "your-google-client-secret"
        },
        "github": {
          "enabled": true,
          "client_id": "your-github-client-id",
          "client_secret": "your-github-client-secret"
        }
      }
    }
  }
}
```
Password Policies
Configure password requirements for admin accounts:
```json
{
  "auth": {
    "password_policy": {
      "min_length": 8,
      "require_uppercase": true,
      "require_lowercase": true,
      "require_numbers": true,
      "require_symbols": false,
      "prevent_common_passwords": true
    }
  }
}
```
Session Management
Configure admin session settings:
```jsonc
{
  "auth": {
    "sessions": {
      "admin_timeout": 480, // minutes
      "remember_me_duration": 30, // days
      "max_concurrent_sessions": 5,
      "session_cleanup_interval": 60 // minutes
    }
  }
}
```
Customer Authentication
Storefront Login Options
Configure customer login methods:
Standard Login
```json
{
  "auth": {
    "customer": {
      "email_password": {
        "enabled": true,
        "require_email_verification": true
      }
    }
  }
}
```
Guest Checkout
```json
{
  "auth": {
    "customer": {
      "guest_checkout": {
        "enabled": true,
        "require_account_creation": false
      }
    }
  }
}
```
Social Login for Customers
```json
{
  "auth": {
    "customer": {
      "social": {
        "google": { "enabled": true },
        "facebook": { "enabled": true },
        "apple": { "enabled": true }
      }
    }
  }
}
```
Account Verification
Configure email/SMS verification for new accounts:
```json
{
  "auth": {
    "verification": {
      "email": {
        "required": true,
        "template": "welcome-email",
        "sender": "noreply@yourstore.com"
      },
      "sms": {
        "required": false,
        "template": "verification-sms"
      }
    }
  }
}
```
Multi-Factor Authentication (MFA)
Admin MFA
Enable MFA for admin accounts:
```json
{
  "auth": {
    "mfa": {
      "admin_required": true,
      "customer_optional": true,
      "methods": {
        "totp": {
          "enabled": true,
          "issuer": "Your Store Admin"
        },
        "sms": {
          "enabled": true
        },
        "email": {
          "enabled": false
        }
      }
    }
  }
}
```
MFA Setup Process
- Enable MFA in admin settings
- Generate QR Code for TOTP setup
- Verify Setup with authentication code
- Backup Codes generated for recovery
API Authentication
API Key Management
Configure API key settings:
```json
{
  "auth": {
    "api_keys": {
      "enabled": true,
      "key_length": 32,
      "hash_algorithm": "sha256",
      "rate_limit": {
        "requests_per_hour": 1000,
        "burst_limit": 100
      }
    }
  }
}
```
JWT Configuration
Configure JWT tokens for API authentication:
```json
{
  "auth": {
    "jwt": {
      "secret": "your-super-secret-jwt-key",
      "algorithm": "HS256",
      "expires_in": "24h",
      "refresh_expires_in": "30d",
      "issuer": "litekart-api"
    }
  }
}
```
Security Settings
Login Attempt Limits
Limit failed login attempts to slow down brute-force attacks:
```jsonc
{
  "security": {
    "login_attempts": {
      "max_attempts": 5,
      "lockout_duration": 15, // minutes
      "reset_after": 60 // minutes
    }
  }
}
```
IP Whitelisting
Restrict admin access to specific IPs:
```json
{
  "security": {
    "ip_whitelist": {
      "admin": {
        "enabled": false,
        "ips": ["192.168.1.0/24", "10.0.0.0/8"]
      }
    }
  }
}
```
Audit Logging
Enable login activity logging:
```json
{
  "security": {
    "audit": {
      "login_events": true,
      "failed_attempts": true,
      "password_changes": true,
      "retention_days": 90
    }
  }
}
```
Password Recovery
Admin Password Reset
Configure admin password recovery:
```jsonc
{
  "auth": {
    "password_reset": {
      "admin": {
        "enabled": true,
        "token_expiry": 60, // minutes
        "max_requests_per_hour": 3,
        "email_template": "admin-password-reset"
      }
    }
  }
}
```
Customer Password Reset
Configure customer password recovery:
```json
{
  "auth": {
    "password_reset": {
      "customer": {
        "enabled": true,
        "token_expiry": 60,
        "require_current_password": false,
        "email_template": "customer-password-reset"
      }
    }
  }
}
```
Single Sign-On (SSO)
SAML Configuration
Set up SAML SSO for enterprise customers:
```json
{
  "auth": {
    "sso": {
      "saml": {
        "enabled": false,
        "entry_point": "https://your-idp.com/saml",
        "issuer": "litekart-sso",
        "cert": "path/to/certificate.pem",
        "private_key": "path/to/private-key.pem"
      }
    }
  }
}
```
OAuth 2.0
Configure OAuth 2.0 for third-party integrations:
```json
{
  "auth": {
    "oauth": {
      "enabled": true,
      "providers": {
        "google": {
          "client_id": "your-client-id",
          "client_secret": "your-client-secret",
          "redirect_uri": "https://yourstore.com/auth/google/callback"
        }
      }
    }
  }
}
```
Account Lockout
Automatic Lockout
Configure automatic account lockout:
```jsonc
{
  "auth": {
    "lockout": {
      "enabled": true,
      "max_attempts": 5,
      "duration": 30, // minutes
      "notify_admin": true,
      "notify_user": true
    }
  }
}
```
Manual Unlock
An admin can manually unlock an account through the admin panel:
- Navigate to Users > Admin Users
- Select locked user
- Click Unlock Account
- Confirm unlock action
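How the login-attempt limit, the automatic lockout and the manual unlock above fit together, as an added example written for this page rather than Litekart's own code. The class and method names are assumptions; the config keys and values are the ones shown in the login_attempts and lockout blocks, and the clock is injectable so the timing rules can be exercised without waiting.

```javascript
// Added example for this page, not Litekart's own code: an in-memory failed-login counter
// that applies the login_attempts and lockout settings above and offers the admin's
// "Unlock Account" action. The class and method names are assumptions; the config keys
// and values are the ones shown in this section.
const lockoutConfig = {
  max_attempts: 5,
  lockout_duration: 30, // minutes, from the lockout block
  reset_after: 60,      // minutes, from the login_attempts block
};

const MINUTE_MS = 60 * 1000;

class LoginGuard {
  constructor(cfg = lockoutConfig, now = () => Date.now()) {
    this.cfg = cfg;
    this.now = now;            // injectable clock so the timing rules can be tested
    this.state = new Map();    // email -> { failed, lastFailure, lockedUntil }
    this.notifications = [];   // stand-in for the notify_admin / notify_user hooks
  }

  entry(email) {
    if (!this.state.has(email)) this.state.set(email, { failed: 0, lastFailure: 0, lockedUntil: 0 });
    return this.state.get(email);
  }

  // Ask before checking the password: may this account attempt a login right now?
  status(email) {
    const e = this.entry(email);
    const t = this.now();
    if (e.lockedUntil > t) {
      return { allowed: false, reason: 'locked', retryAfterMs: e.lockedUntil - t };
    }
    if (e.lockedUntil !== 0) {            // lockout_duration has elapsed: start fresh
      e.failed = 0;
      e.lockedUntil = 0;
    }
    if (e.failed > 0 && t - e.lastFailure > this.cfg.reset_after * MINUTE_MS) {
      e.failed = 0;                       // reset_after: a quiet period clears old failures
    }
    return { allowed: true, reason: 'ok', remaining: this.cfg.max_attempts - e.failed };
  }

  // Record a wrong password; the max_attempts-th failure locks the account.
  recordFailure(email) {
    const s = this.status(email);
    if (!s.allowed) return s;
    const e = this.entry(email);
    e.failed += 1;
    e.lastFailure = this.now();
    if (e.failed >= this.cfg.max_attempts) {
      e.lockedUntil = this.now() + this.cfg.lockout_duration * MINUTE_MS;
      this.notifications.push({ email, event: 'account_locked', lockedUntil: e.lockedUntil });
      return { allowed: false, reason: 'locked', retryAfterMs: this.cfg.lockout_duration * MINUTE_MS };
    }
    return { allowed: true, reason: 'ok', remaining: this.cfg.max_attempts - e.failed };
  }

  // A correct password clears the counter.
  recordSuccess(email) {
    this.state.delete(email);
  }

  // The manual "Unlock Account" action: the same effect as the database recovery step
  // (locked_until = NULL, failed_attempts = 0) under Recovery Procedures.
  unlock(email) {
    const wasLocked = this.entry(email).lockedUntil > this.now();
    this.state.delete(email);
    return wasLocked;
  }
}
```

Call status() before the password check so a locked account is refused without touching the credential store, and recordFailure() only after a genuine mismatch; the notifications array is where a real deployment would send the notify_admin and notify_user messages.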
Best Practices
Security Recommendations
- Use Strong Passwords: Enforce complex password requirements
- Enable MFA: Require multi-factor authentication for admins
- Monitor Login Activity: Enable audit logging and monitoring
- Regular Key Rotation: Rotate API keys and JWT secrets regularly
- IP Restrictions: Use IP whitelisting for sensitive environments
- Session Management: Configure appropriate session timeouts
Performance Considerations
- Session Storage: Use Redis for session storage in production
- Rate Limiting: Implement appropriate rate limits
- Caching: Cache authentication results when possible
- Database Indexing: Ensure proper indexing on user/auth tables
User Experience
- Clear Error Messages: Provide helpful error messages for login failures
- Password Hints: Show password requirements during registration
- Remember Me: Offer a remember-me option for customer logins
- Social Login: Provide convenient social login options
- Password Recovery: Make password reset process simple and secure
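A validator for the password_policy block from the Password Policies section that also produces the hint text the Password Hints item asks for. This is an added example written for this page, not Litekart's own code; the function names and the short common-password list are assumptions.

```javascript
// Added example for this page, not Litekart's own code: checks a candidate password against
// the password_policy settings and reports every rule it misses, so the UI can list the
// requirements still unmet. Function names and the common-password list are assumptions.
const passwordPolicy = {
  min_length: 8,
  require_uppercase: true,
  require_lowercase: true,
  require_numbers: true,
  require_symbols: false,
  prevent_common_passwords: true,
};

// Constructed sample list; a real deployment would load a breached-password list instead.
const COMMON_PASSWORDS = new Set(['password', 'password1', '12345678', 'qwerty123', 'admin123', 'letmein1']);

// [config key, test(password, setting), description(setting)]. Unicode classes are used so
// non-ASCII letters and digits count; min_length counts code points, not UTF-16 units.
const RULES = [
  ['min_length', (pw, v) => [...pw].length >= v, (v) => `at least ${v} characters`],
  ['require_uppercase', (pw, v) => !v || /\p{Lu}/u.test(pw), () => 'an uppercase letter'],
  ['require_lowercase', (pw, v) => !v || /\p{Ll}/u.test(pw), () => 'a lowercase letter'],
  ['require_numbers', (pw, v) => !v || /\p{Nd}/u.test(pw), () => 'a digit'],
  ['require_symbols', (pw, v) => !v || /[^\p{L}\p{Nd}\s]/u.test(pw), () => 'a symbol'],
  ['prevent_common_passwords', (pw, v) => !v || !COMMON_PASSWORDS.has(pw.toLowerCase()), () => 'not a commonly used password'],
];

// Returns { ok, failures: [{ rule, requirement }] } with one entry per unmet rule.
function checkPassword(password, policy = passwordPolicy) {
  const failures = [];
  for (const [key, test, describe] of RULES) {
    if (!(key in policy)) continue;
    if (!test(password, policy[key])) failures.push({ rule: key, requirement: describe(policy[key]) });
  }
  return { ok: failures.length === 0, failures };
}

// Hint text for the registration form: every rule the policy enables, met or not.
function policyHints(policy = passwordPolicy) {
  return RULES
    .filter(([key]) => key in policy && policy[key] !== false)
    .map(([key, , describe]) => describe(policy[key]));
}
```

Returning the full list of failures rather than the first one is what makes the error message useful: the user fixes everything in one attempt instead of discovering the rules one at a time.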
Troubleshooting
Common Issues
Login Fails with Valid Credentials
- Check if account is locked due to failed attempts
- Verify email verification status
- Check password policy compliance
MFA Setup Issues
- Ensure TOTP app is correctly configured
- Check device time synchronization
- Verify MFA settings in configuration
API Authentication Errors
- Validate API key format and permissions
- Check JWT token expiration
- Verify request headers and signatures
Session Timeout Issues
- Adjust session timeout settings
- Check Redis connectivity
- Verify cookie settings
Debug Mode
Enable authentication debugging:
```bash
# Environment variable
DEBUG_AUTH=true
# Check logs
tail -f logs/auth.log
```
Recovery Procedures
Reset Admin Password via Database
```sql
UPDATE users
SET password_hash = '$2b$10$newHashedPassword'
WHERE email = 'admin@yourstore.com' AND role = 'admin';
```
Unlock Account via Database
```sql
UPDATE users
SET locked_until = NULL, failed_attempts = 0
WHERE email = 'user@yourstore.com';
```
Clear All Sessions
```sql
TRUNCATE TABLE user_sessions;
```