Merge pull request #9014 from joostverhoog/upgrade-custom-login

Replace LoginAction with authentication microflows for published services
mendix · Feb 5, 2025 · 30f88cd · 30f88cd
2 parents 1a4acf0 + 8f77dbc
commit 30f88cd
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 2 deletions.
diff --git a/content/en/docs/refguide/installation/upgrading-from-9-to-10.md b/content/en/docs/refguide/installation/upgrading-from-9-to-10.md
@@ -134,6 +134,10 @@ In Studio Pro 10, the glyphicon is slowly being phased out. Although a currently
 
 If your application is currently using the Atlas theme, this is easily solved by upgrading [Atlas Core](https://marketplace.mendix.com/link/component/117187) to version 3.11 or above. Otherwise, a possible workaround for this is to manually add the [Atlas icons module](https://github.com/mendix/atlas/raw/main/resources/Atlas_Icons.mpk) to your app.
 
+### Custom Login for Published Services
+
+In Studio Pro 10, published OData, REST, and Web services use sessions that do not communicate with the database. This also means these services ignore [customized login behavior using a LoginAction](/refguide/login-behavior/#customizing-login-behavior). When upgrading an app that uses these features to Studio Pro 10, you need to reimplement the login behavior in an authentication microflow. For more information, see [OData authentication  microflow](/refguide/published-odata-services/#authentication-microflow), [REST authentication microflow](/refguide/published-rest-service/#authentication-microflow), or [Web service authentication](/refguide/integration/expose-a-web-service/#authentication-and-users).
+
 ## Read More
 
 * [Studio Pro 10 Release Notes](/releasenotes/studio-pro/10.0/)
diff --git a/...refguide/modeling/integration/odata-services/published-odata-services/_index.md b/...refguide/modeling/integration/odata-services/published-odata-services/_index.md
@@ -203,9 +203,9 @@ Support for using a list of `System.HttpHeader` in authentication microflows was
 
 Specify which microflow to use for custom authentication. The microflow may take the following as a parameter:
 
-* A list of [HttpHeader](/refguide/http-request-and-response-entities/#http-header). This cannot be used in combination with [HttpRequest](/refguide/http-request-and-response-entities/#http-request) parameter.
+* A list of [HttpHeader](/refguide/http-request-and-response-entities/#http-header). These are the HTTP headers in the client's request. Use this parameter for authentication schemes that are based on HTTP headers.
+* [HttpRequest](/refguide/http-request-and-response-entities/#http-request). Use this parameter for authentication schemes that are based on more than just the HTTP headers (for example, when the client supplies credentials in the request body). You cannot use this parameter together with a list of HttpHeader. Instead, use a [retrieve activity](/refguide/retrieve/) to retrieve the associated request headers.
 * [HttpResponse](/refguide/http-request-and-response-entities/#http-response). When the microflow sets the status code of this response to something other then **200**, this value is returned and the operation will not be executed. Any headers set on the response are returned (except when the microflow returns an empty user).
-* [HttpRequest](/refguide/http-request-and-response-entities/#http-request), so it can inspect the incoming request.
 
 The authentication microflow should return a User.