SideButton Portal Login (Auth0) — Knowledge Module

Portal Login (Auth0)

What This Is

Portal authentication entry point. As of the April 2026 redesign, SideButton switched from a custom email-only login form to Auth0 Universal Login. Users arriving at /login or /portal/login are 3xx-redirected to the hosted Auth0 login page at sidebutton.eu.auth0.com/u/login. The Auth0 page presents a standard email + password form with a "Show password" toggle and "Reset password" link. Successful authentication redirects back to the SideButton portal.

URL Patterns & Redirects

Request	HTTP Status	Destination
GET /login	308 Permanent Redirect	/portal/login
GET /portal/login (unauthenticated)	302 Found	Auth0 (sidebutton.eu.auth0.com/u/login?state=...)
GET /portal (unauthenticated)	302 → /portal/chat → 302 → /portal/login	Auth0
GET /portal/* (unauthenticated)	302	/portal/login → Auth0

Verified 2026-04-20 via curl.

Page Title & Meta (Auth0 page)

• <title>: Log in | SideButton
• Host: sidebutton.eu.auth0.com
• Path: /u/login

Page Structure (Auth0 Hosted Login)

+--[Auth0 hosted page — not SideButton chrome]-------+
|  [Banner]                                          |
|    SideButton logo                                 |
|    H1: "Welcome"                                   |
|                                                    |
|  [Form]                                            |
|    Email address *   [textbox]                     |
|    Password *        [textbox]                     |
|                      [Show password toggle]        |
|                      [Reset password link]         |
|                      [Continue button]             |
|                                                    |
|  [Additional form — single button, likely OAuth]   |
|                                                    |
|  [Link to the Auth0 website] (compliance footer)   |
+----------------------------------------------------+

Key Elements (Auth0 page)

Element	Selector	Notes
Logo	img "sidebutton"	SideButton brand logo
Welcome heading	heading "Welcome"	H1
Email input	textbox "Email address *"	Required; labeled "Email address"
Password input	textbox "Password *"	Required; labeled "Password"
Show password toggle	switch "Show password"	Toggle visibility of password field
Reset password	link "Reset password"	Navigates to Auth0 password reset flow
Continue button	button "Continue"	Submits credentials
Alternative auth button	button (unlabeled in snapshot)	Second form; likely social login or SSO
Auth0 compliance link	link "Link to the Auth0 website"	Bottom of page

Data Model

Login Form Fields

Field	Type	Required	Notes
Email address	email	yes	Standard email field
Password	password	yes	Masked by default

Auth Flow (observed)

1. User navigates to /login → 308 → /portal/login
2. /portal/login (server-side) → 302 → Auth0 hosted page with ?state=<opaque-token>
3. User submits email + password → Auth0 validates
4. On success: Auth0 redirects back to SideButton callback URL with session token
5. SideButton server sets session cookie → user lands on /portal/chat

States

State	Trigger	Visual Indicator
Initial	Navigate to /portal/login while unauthenticated	Redirected to Auth0; Welcome heading visible
Password hidden	Default	Password field shows dots
Password visible	Click Show password toggle	Password field shows plain text
Error	Submit invalid credentials	Auth0 inline error (not verified)
Authenticated	Valid credentials submitted	Redirect back to SideButton portal (session established)

Common Tasks

1. Log in to the portal

1. Navigate to /login OR /portal/login OR any /portal/* route while unauthenticated
2. Get redirected to sidebutton.eu.auth0.com/u/login
3. Fill textbox "Email address *"
4. Fill textbox "Password *"
5. Click button "Continue"
6. On success: redirect back to /portal/chat

2. Reset forgotten password

1. On Auth0 login page, click link "Reset password"
2. Follow Auth0's password-reset flow

3. Toggle password visibility while typing

1. Click switch "Show password" to reveal plain text
2. Click again to re-mask

Tips

• Auth0 is the source of truth — the login form is NOT part of the SideButton Astro app; it's rendered by Auth0's Universal Login. Selectors may change independently of SideButton releases.
• No SideButton header/footer on the Auth0 page — it's a clean auth page on sidebutton.eu.auth0.com.
• The second form with an unlabeled button is likely a social/SSO login button (Google, GitHub, etc.) — verify by screenshot if needed.
• Session establishment happens after Auth0 callback; the SideButton server sets cookies, not the Auth0 page.

Gotchas

• Auth0 redirect changes host — any automation must handle cross-origin navigation (sidebutton.com → sidebutton.eu.auth0.com → sidebutton.com/portal/chat).
• /login is no longer a real page — it's a 308 redirect. Tests expecting a SideButton-rendered login form will fail.
• Previous email-only form is GONE — the old single-field form (email only, no password) no longer exists. The Auth0 form requires BOTH email and password.
• State param is required — Auth0 URLs include a long ?state= token; don't cache or hardcode Auth0 URLs.
• Browser automation of Auth0 is fragile — Auth0 may change their login UI without notice. Prefer cookie-based session tokens or Auth0's /oauth/token endpoint for stable CI auth.
• Second form button is unlabeled in snapshot — its function (social login, passwordless, magic link, SSO) is unclear without screenshot verification.