A basic understanding of DbfScript is required to follow this section.

The custom authentication script will be provided the variable #input, and this will contain the fields UserName and Password. If 2FA is used, it will also contain Extra that will contain the secondary authentication code.

What it does with those values is entirely up to the script. However, at the end it must return the user record (&root/Users) that is inserted or retrieved from the User. 

That record should have an additional field set, called GroupNames. This is the list of roles that the user has. If you will instead rely on the Roles list under the user (which is where the roles are usually stored if you set Wiki Manager, for example), then you can get away with putting in this line to set the GroupNames automatically from the Roles under that user:

set #urec/GroupNames = "RestrictUserAccess,Base,Staff," + str:Join(List(load(GetPath(#urec)/Roles) ,"RoleID"), ",", ",")

This is assuming the user record is called urec.

If the script returns null it will force the system to use basic authentication using the Users tab and any password stored there.

Testing Authentication

Once set up, you can test the authentication without having to logout. Just click on the "Test Login Scripts" action, and enter in a username and password to test the scripts with.

If you want to test scripts without them going public, you can create an entry in the "Script Testing Area" underneath. Click that tab, and click the "+" icon on the right side to add a new set of scripts. Once these are entered, you can click that entry and then click "Test Login Scripts" to test that test script. Once you are happy with it, copy and paste the scripts into the main Authentication Settings record.