First screen parameters
A set to custom authentication parameters that allow you to tailor the desired first screen experience for the end users.
first_screen: Specifies the first screen that the user will see.identifier: Specifies the identifier types that the sign-in or sign-up form will accept.login_hint: Populates the identifier field with the user's email address or username. (This is a OIDC standard parameter)
first_screen
The first_screen parameter is the key parameter that determines the first screen that the users will see when they redirect to the Logto's sign-in page. By default, the universal sign-in form will be displayed. Use this parameter to customize the first screen based on your application's requirements. Supported values are:
sign_in: Displays the sign-in form. (Default)register: Displays the sign-up form.reset_password: Displays the password reset form.single_sign_on: Displays the enterprise SSO sign-in form. (A email address will be asked to determine the enabled SSO providers)identifier:sign-in: Displays a identifier specific sign-in form. The identifier type can be specified using theidentifierparameter. This is useful when you have multiple identifier sign-in methods enabled.identifier:register: Displays a identifier specific sign-up form. The identifier type can be specified using theidentifierparameter. This is useful when you have multiple identifier sign-up methods enabled.
For example, sending users directly to the enterprise SSO sign-in form:
curl --location \
--request GET 'https://<your-tenant>.logto.app/oidc/auth?client_id=<client_id>&...&first_screen=single_sign_on'
identifier
The identifier parameter is used to specify the identifier types that the sign-in or sign-up form will take. This parameter is only applicable when the first_screen parameter is set to identifier:sign-in, identifier:register, or reset_password. Supported values are: username, email, and phone. Separate multiple values with a empty space to allow multiple identifier types.
For example, sending users directly to the email or phone number sign-up page:
curl --location \
--request GET 'https://<your-tenant>.logto.app/oidc/auth?client_id=<client_id>&...&first_screen=identifier:register&identifier=email phone'
All the identifier types specified in this parameter must be enabled in your sign-in or sign-up settings in the Logto Console.
Any unsupported or disabled identifier types will be ignored. If all specified identifiers are unsupported, the default sign-in experience configuration will be used.
login_hint
The login_hint parameter, defined in the standard OpenID Connect specification, is used to pre-populate the sign-in form with the user's identifier (such as an email, a phone number or username). With Logto, it can be combined with other sign-in screen parameters to enhance the user experience. This parameter is especially useful if you have a custom pre-authentication form that collects the user's identifier in advance, allowing them to skip re-entering it during sign-in.
For example, pre-populating the collected email address in the sign-in form:
curl --location \
--request GET 'https://<your-tenant>.logto.app/oidc/auth?client_id=<client_id>&...&first_screen=identifier:sign_in&identifier=email&login_hint=[email protected]
SDK support
In supported Logto SDKs, you can set the parameters when calling the signIn method:
logtoClient.signIn({
redirectUri: 'https://your-app.com/callback',
firstScreen: 'identifier:register',
identifier: ['email', 'phone'],
loginHint: '[email protected]',
});
We are gradually adding support for the first_screen, identifier, and login_hint parameters to all Logto SDKs. If you don't see them in your SDK, please open an issue or contact us.
For Logto OSS users, theses parameters are supported since version 1.15.0. If you are using an older version, please upgrade to the latest version.