This is so fucking stupid. There is no way to update the logo of a custom social connection on Auth0 without using the command line. On literally every other service I've used, there's a little box to upload a logo. But Okta have a funny idea of what developers want. And, to make matters worse, their documentation contains an error! They don't listen to community requests or take bug reports, so I'm blogging in the hope that this is useful to you. The Command curl --request PATCH \ -H…
Let's say you have a website - your_website.tld - and you want people to log in to it using their Mastodon account. For a traditional social-media site like Twitter or Facebook, you would create an OAuth app on the service that you want. But there are hundreds of Mastodon servers. So you need to create a new app for each one. That sounds hard, but it isn't. Well… not too hard. Here's some code adapted from Infosec.press. It's all written using cURL on the command line - so you should be a…
Grrrr. Auth0 have a nifty service to let users log in to your site using a social network. Users don't need an account with you, they can sign in with Twitter, Facebook, GitHub, etc. But there's a bug which is five years old. Auth0 doesn't show the screen name of Twitter users (e.g. @edent). There was a workaround using their "rules" product. But rules are being removed next month and we all need to transition to "Actions". Why? Because fuck you, that's why. Auth0 have decided that fixing…
I am using Auth0's Symfony library to allow users to log in with their social network providers. It works really well. Using this firewall configuration, a user who visits /private is successfully taken through the login flow and I can then use $this->getUser() to see their details. security: password_hashers: Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto' providers: users_in_memory: { memory: null } auth0_provider: …
The inimitable Simon Willison has a brilliant presentation all about managing side projects: It is all good advice. But I gently disagree with the slide which says: Avoid side projects with user accounts If it has user accounts it’s not a side-project, it’s an unpaid job I get the sentiment. Storing passwords securely is hard. Dealing with users changing their names is hard. Updating avatars is hard. GDPR is hard. It's just a lot of pain and suffering. But I still have user accounts on…