Skip to content

UX polish: autofill/autocomplete on hosted-login fields + AuthFlowBuilder affordances #231

Description

@ahmetabdullahgultekin

Consolidated from the 2026-06-02 UI/UX review (the EN/TR toggle VL-1 and the missing common.* i18n keys are already FIXED on origin/main — verified — so they're excluded). Still-open polish:

Autofill / a11y (password-manager + mobile autofill):

  • verify identifier field (LoginMfaFlow) lacks name/autoComplete="email"/aria-label (the dashboard field sets all three).
  • shared PasswordStep sets name but no autoComplete="current-password".
  • OTP steps (EmailOtpStep/SmsOtpStep/TotpStep) lack autoComplete="one-time-code" → iOS/Android won't surface the SMS/email autofill chip.
  • verify /favicon.{ico,svg} 404s.

AuthFlowBuilder affordances:

  • "Operation Type" dropdown is prominent but only categorizes (never injects/locks a step) → demote to a chip/helper-text or move to Advanced.
  • Layers can't be reordered (no up/down) → add renumbering arrows.
  • per-layer timeout/maxAttempts are hardcoded (120s/3) with no UI → add an Advanced disclosure.

All low-risk UX; no security impact.

Metadata

Metadata

Assignees

No one assigned

    Labels

    surface/webweb-app (React dashboard + hosted login)

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions