Blog

TL;DR: you can access Azure Storage APIs securely from browsers (i.e. using JavaScript) or native apps, without the need of a backend server. Live demo @ http://auth0.github.io/auth0-azure-blob-sample/

---

Today’s modern cloud provides developers with a rich choice of building blocks for creating new and innovative applications faster than ever before. Utilizing Auth0 developers can build applications that are secure and scalable without the need for a traditional backend server. This significantly reduces your time to release as well as the cost of maintenance over the life of your application.

In this post you will see an example of how you can use Auth0 and the near infinite scale of Azure Blob Storage to build a rich and secure client application without a traditional backend. This example is built entirely in HTML/JavaScript and runs in the browser while still providing secure, authenticated access to resources in Azure Blob Storage.

Continue →

Following last month's new pricing announcement and new free and full-featured developer plan, today we are adding a Startup Plan to our pricing.

Startup Plan

The deal is very simple, if you meet the three conditions below:

• less than $1M in Annual Recurring Revenue (ARR)
• less than $2M in raised funding
• less than 2 years old

you get unrestricted usage of Auth0 for 1 year for $99 per month.

It's that simple.

Email startup@auth0.com for requesting your Startup plan.

Continue →

Introduction

Today we are very pleased to announce Auth0 new pricing, along with a new free and full-featured developer plan.

New Pricing

Based on the feedback we received over the last few months, we have modified our pricing structure to be much more flexible, allowing you to create custom packages that best fit your needs.

Instead of fixed tiered packages, Auth0 subscriptions can now be tailored by:

• Identity provider types: Social, Social+ and Enterprise.
• Number of active users.
• Optional features, such as premium support or guaranteed SLA.
• We have also introduced a yearly commitment option.

Always Free for Developers

The other key change is our new developer subscription:

• It now includes all the features of the Auth0 platform.
• It has no time limit.
• It is free for non-production use (up to 20 active users).

No more trial period. When you create a free account with Auth0, you now get access to the entirety of the Auth0 platform, for as long as you need. You can test all the required use cases and move to a paid plan only when it is the right time to do so, typically when you go in production.

The 20 active users limit is well above what we have seen in pre-production developer accounts, where the active users are usually the developer herself, a few members of the team, and a couple of test users; but don't worry if you are still developing and testing your application and you occasionally spike over 20, we won't ever block you.

Continue →

---

TL;DR: You can get a working sample that uses Auth0, Cognito, and iOS in this Github repository

---

We’ve come to an era where a critical component of a solution is providing a fantastic experience for the user. The focus is now on the client: web or native. But all powerful apps need a backend, which usually mean servers you run that expose an API.  However, it is now possible to securely interact with services like Amazon Cognito, Firebase, and others directly from the client code, with no server of your own.

In this post, I’ll explain how you can integrate your mobile app with two solutions: Auth0 to get authentication with either Social Providers (Facebook, Twitter, etc.), Enterprise providers or regular Username and Password, and Amazon Cognito, to get a backend for your app without writing a line of code

Continue →

Providing an always-on, highly secure identity service is core to the Auth0 brand promise. As such, all our systems, controls and processes have always been designed with security and availability as critical design points.

Today, we are going one step further and we are pleased to announce that we have achieved SOC 2 Type 1 certification.

Continue →

Most APIs today use an API Key to authenticate legitimate clients. API Keys are very simple to use from the consumer perspective:

1. You get an API key from the service (in essence a shared secret).
2. Add the key to an Authorization header.
3. Call the API.

It can't get simpler than that, but this approach has some limitations.

The last couple of months, we've been working on our API v2. We wanted to share what we've learnt implementing a more powerful security model using JSON Web Tokens.

Continue →

A few weeks back we released the first version of our native iOS SDK to help you add authentication to your app.

We needed a Keychain library that supported the following features:

• TouchID Support: An option to make a private keychain value only available if the user entered his fingerprint
• Accessibility options: An option to state wether the keychain value could be got if the iPhone is Locked, Unlocked or in which state
• Shared Group: We needed Shared Group support so that 2 different apps could share keychain values

As there was no library that fulfilled our needs, we decided to build SimpleKeychain.

Let’s see some of the different use cases that we’ve created and used.

Continue →

Amazon introduced today a new feature called AWS Directory Service. In a nutshell, it allows:

• Connect existing Active Directory to the cloud or to create complete new Directories from scratch.
• Seamless administration of AWS Resources.
• Seamless access to AWS applications for end-users.
• Simplify Deployment of Windows Workloads on AWS.
• Pay as you go (0.05 $/hr for small installations and $0.15 for large)

Continue →

Following our blog post about how to use JWTs on AngularJS, we've decided to go one step further to make this simpler.

We've created a library called angular-jwt to handle some of the common problems that arise when dealing with JWTs. We'll soon be using this library in our own Angular SDK to handle JWTs as well.

Throughout this article we'll go over some of the common questions asked by our customers that we aim to solve with angular-jwt.

Continue →

Today I am very proud to announce that we’ve raised $2.4 Million in seed funding led by Bessemer Venture Partners, with participation from K9 Ventures, Portland Seed Fund, NXTP Labs and individual investors.

In the same way Twilio democratized access to SMS and voice communications, Auth0 developed an identity service to eliminate the growing complexity of authentication and authorization for developers. Auth0 has the dream team in authentication security, which is why developers are so quickly adopting their API as the de facto way to do logins. David Cowan, Partner at Bessemer Venture Partners.

I am also very proud to share that Auth0 has crossed the 8,000 subscriber mark and is now used in 124 countries.

Continue →

Auth0 SDKs make it really easy to add SSO to any app, on any platform. But sometimes, apps cannot be modified. What to do then?

A very simple solution is to front any web content with a web server that itself is capable of negotiating authentication for users. One web server with the extensibility required for plugging-in any auth is Apache server.

In this post, we'll learn how to install and configure mod_auth_openidc to work with Apache and Auth0.

Continue →

This is a guest post by Dmitry Zaytsev. He is the Developer Evangelist at Appery.io

Building mobile apps with identity management wasn't simple, until now. Auth0, a cloud service that eliminates the friction of identity for your app, and Appery.io, the only cloud platform with visual development tools and integrated backend services are collaborating to make this happen. With the jointly created Appery.io Auth0 plugin, you can simplify identity management integration for your app and this post will show you how.

Register for the Auth0 and Appery.io joint webinar on August 6, 2014 at 11:00 AM PT

Building Secure Mobile Apps in the Cloud with Appery.io and Auth0 Identity Management

Register now

Continue →

We recently published the first version of the WordPress plugin for Auth0, which provides:

• Single Sign On with Enterprise Directories (LDAP, AD, Google Apps, Office365 and SAML Providers).
• Shared User/Password between multiple WordPress instances for Single Sign On.
• Single Sign On with +30 Social Providers.
• User Management Dashboard.
• Optional Multi Factor Authentication.
• Single Sign On between WordPress and other Applications.
• Reporting and Analytics.

Continue →

This is a guest post by Taiseer Joudeh. He has more than 8 years of experience spent in developing and managing different software solutions for finance, transportation, logistics, and e-commerce sectors. He is a frequent blogger on http://bitoftech.net, and you can follow him on twitter @tjoudeh

Two weeks ago I've blogged about using tokens to authenticate users in single page applications. I've used ASP.NET Web API, Owin middleware and ASP.NET Identity to store local accounts in database. I didn't tap into social identity logins (such as Google, Microsoft Accounts, Facebook, etc.) because each provider does not supply the same information (profile schema) about the logged in user and there might be properties missing or with different names, so handling this manually and storing those different schemes will not be a straight forward process.

I was introduced to Auth0 by Matias Woloski. Basically Auth0 is a feature rich identity management system which supports local database accounts, integration with more than 30 social identity providers and enterprise identity providers (such as AD, Office 365, Google Apps, etc.). You can check the full list here.

In this post I'll implement the same set of features I've implemented previously but using Auth0 management system as well as integrating authentication with multiple social identity providers using less code in the back-end API and in the front-end application. The front end will be built using AngularJS. So let's jump to the implementation.

Continue →

Few months ago GitHub implemented Smart HTTP support for GIT. This is fascinating, because the previous version of the http based transport was very slow compared to SSH.

What I like the most about using HTTP, is that you can extend it. In particular, you can use your own authentication scheme. For example, you could use any OAuth based login (like Google, Facebook or Amazon for example) to clone repos!

So we prototyped with Smart HTTP using Grack and integrated that with Auth0.

Continue →