Skip to content

Username / Password

Introduction

This is a well-known login method. You see an interface where you type in your username and password and hit “Submit”. If the entered username matches a stored account and the according password (hash) matches the stored one from that account, your access is granted.

usernamepassword1.png usernamepassword2.png

Technological Overview

  • Identity Provider: Auth0
  • Authentication Flow: Username/Password (Universal Login in Auth0)
  • Security: JWT-based authentication with refresh tokens.
  • Forgotten Password / Reset: Implemented in the configfrontend/monolith

Implementation Details

  • Frontend: Users log in via login button on the frontend that redirects to Auth0's hosted login page.
  • Backend: Auth0 issues an ID Token and Access Token, validated using the Auth0 public key.
  • Session Management: Implemented via silent authentication and refresh tokens.
  • User Management: Users are stored in Auth0 with custom metadata for roles and permissions.
  • Database: For the moment we are using the legacy user database for user data and roles. We treat the Database as the source of truth and replicate/update the user's data in Auth0. In the future Auth0 will be the source of truth and the user's Database won't be used any longer for user's authentication.

Customer Information

  • Customer Group: Standalone customers

Additional Information

Testing

Development

You can use this user to log in on development servers:

Stage / Feature Envs

Find everything regarding our shared Stage test accounts on our Confluence page.

Production

We don't recommend testing in the production environment, but to test everything before the production deployment on local machines, feature environments or the stage environment. However we are aware that there are cases where some final validation on production can be neccessary.

The easiest way to receive an account that can be used for login with username and password is to register a new account using your own statista email address.

If you require special account (e.g. discovery, professional), please contact the QA community.

Test Cases

  • Users can log in using username and password
  • Users receive an error message upon entering a wrong username or password
  • Blocked users receive an error message upon login using username and password
  • Users with different products (Basic Plus, Personal etc.) have the correct permissions after login

These users can just logout and login with another user.

  • Logged in users can logout using the "Logout" button.
  • Recently logged out users are logged out on the Monolith and Statista 4.0 apps.
Last updated: March 24, 2026 at 10:39
By: Axel Tetzlaff