Terence Eden’s Blog

Auth0 PHP - manually authenticating JWT idTokens

· 500 words



I find it baffling just how poorly documented most big projects are. Auth0 by Okta has a fair bit of cash, lots of customers, and almost completely absent documentation. Here's how to successfully authenticate a JWT supplied by Auth0. Once your user has authenticated with Auth0, they will be given an accessToken and an idToken. Only the idToken is needed for our purposes. It will look…

Adding "Log In With Mastodon" to Auth0

· 4 comments · 600 words · Viewed ~470 times



I use Auth0 to provide social logins for the OpenBenches website. I don't want to deal with creating user accounts, managing passwords, or anything like that, so Auth0 is perfect for my needs. There are a wide range of social media logins provided by Auth0 - including the usual suspects like Facebook, Twitter, WordPress, Discord, etc. Sadly, there's no support for Mastodon. All is not lost…

Adding OpenStreetMap login to Auth0

· 500 words



So you want to add OSM as an OAuth provider to Auth0? Here's a tip - you do not want to create a custom social connection! Instead, you need to create an "OpenID Connect" provider. Here's how. OpenStreetMap As per the OAuth documentation you will need to: Register a new app at https://www.openstreetmap.org/oauth2/applications/ Give it a name that users will recognise Give it a redirect of…

Add a custom icon to Auth0's Custom Social integrations

· 350 words · Viewed ~210 times



This is so fucking stupid. There is no way to update the logo of a custom social connection on Auth0 without using the command line. On literally every other service I've used, there's a little box to upload a logo. But Okta have a funny idea of what developers want. And, to make matters worse, their documentation contains an error! They don't listen to community requests or take bug reports,…

Creating a generic "Log-in with Mastodon" service

· 2 comments · 750 words · Viewed ~405 times



Let's say you have a website - your_website.tld - and you want people to log in to it using their Mastodon account. For a traditional social-media site like Twitter or Facebook, you would create an OAuth app on the service that you want. But there are hundreds of Mastodon servers. So you need to create a new app for each one. That sounds hard, but it isn't. Well… not too hard. Here's some c…

Auth0 - Adding Twitter Screen Names to a User with Actions

· 200 words



Grrrr. Auth0 have a nifty service to let users log in to your site using a social network. Users don't need an account with you, they can sign in with Twitter, Facebook, GitHub, etc. But there's a bug which is five years old. Auth0 doesn't show the screen name of Twitter users (e.g. @edent). There was a workaround using their "rules" product. But rules are being removed next month and we all…

Getting Auth0 user information on non-firewall Symfony pages

· 250 words



I am using Auth0's Symfony library to allow users to log in with their social network providers. It works really well. Using this firewall configuration, a user who visits /private is successfully taken through the login flow and I can then use $this->getUser() to see their details. security: password_hashers: Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: …

You can have user accounts without needing to manage user accounts

· 7 comments · 800 words · Viewed ~459 times



The inimitable Simon Willison has a brilliant presentation all about managing side projects: It is all good advice. But I gently disagree with the slide which says: "Avoid side projects with user accounts" / "If it has user accounts it’s not a side-project, it’s an unpaid job". I get the sentiment. Storing passwords securely is hard. Dealing with users changing their names is hard. Updating avatars …