Blog

A guest post from identity expert Dominick Baier. Cross posted on leastprivilege.com

---

AuthorizationServer is a lightweight OAuth2 implementation that is designed to integrate with arbitrary identity management systems. I wrote about integration with Thinktecture IdentityServer, ADFS and even plain Windows integrated authentication before.

Another really compelling and feature rich identity management is Auth0. Auth0 supports local account databases, federation with almost anything you can imagine, claims transformation, UI customization and a great documentation and SDKs. The fact that it is also available as an on-premises appliance (in addition to their cloud offering) is especially interesting for my European customers and me.

Here’s what I had to do to integrate AuthorizationServer with Auth0.

Continue →

TL;DR: you can access the AWS APIs securely (e.g. S3, DynamoDB, EC2) from browsers (i.e. using JavaScript) or native apps, without the need of a backend server. Live demo @ http://auth0.github.io/auth0-s3-sample/

---

In the past, we've talked about how it's becoming so much easier to write client side apps that are still fully secure thanks to JSON Web Tokens: (Cookies vs Tokens, Token-based auth with socket.io and 10 things you should know about tokens).

Continue →

OpenID Connect final specs 1.0 were published today! This is a milestone for the identity community and we are happy to have been part of its development.

When we started writing the core functionality of Auth0, we had to decide which authentication protocols we were going to support. Back then, there were WS-Federation, SAML, and OAuth2. This last one was being widely adopted by companies like Facebook, Google, Microsoft, etc.

Continue →

Couple weeks ago we published a short article about cookies vs tokens in the context of single page applications, in particular applied to AngularJs apps. It seems the community is interested in this topic, so we published a second article on token based authentication in realtime frameworks like socket.io. There is a great interest in this subject so we decided to continue with an article that explores in more detail some of the most common questions around token-based authentication. So here we go...

Continue →

Introduction

Authentication in realtime frameworks can be challenging. Perhaps this is because the way these systems work is quite different from a regular web app. The risk of not correctly authenticating your sockets traffic is that you could end up sniffing information on other users streams. The socket server will not automagically know about the logged-in user, thus anyone could join any stream.

Continue →

Introduction

There are basically two different ways of implementing server side authentication for apps with a frontend and an API:

• The most adopted one, is Cookie-Based Authentication (you can find an example here) that uses server side cookies to authenticate the user on every request.

• A newer approach, Token-Based Authentication, relies on a signed token that is sent to the server on each request.

Continue →

For the last few months, we've been working on many new features and improvements to the platform. We have reached 1700+ subscribers to our service, and there are now many companies using the private cloud/on-premises appliance daily. Thanks for your support, feedback and business!

As this first year closes for us, we wanted to share some of the highlights of Auth0, and the functionality we've added in these past months:

1. 1. Know who is using your apps
2. 2. Richer user profiles
3. 3. Avoid building yet another user/password store
4. 4. Increase your conversion rates
5. 5. Decrease development costs with our SDKs
6. 6. SAML-enable your applications
7. 7. Lighter, better UX and open sourced Login Widget
8. 8. Waste no time remembering passwords
9. 9. Deploy Auth0 Anywhere
10. 10. A Robust online infrastructure

Continue →

Auth0 is a truly symmetric service: it is offered as a service, it can be deployed on your own cloud environment, or it can run on-premises.

Across all these environments you will enjoy the same experience and functionality. You can start in one, and then move to another one. You can use our service for development and QA, but then run in production with your own dedicated instance. From an application perspective, the impact is reduced to a new URL, and minor configuration settings.

Continue →

Node Knockout is a 48-hour hackathon where devs across the world gather in teams and implement an application using node.js.

The knockout time goes really fast. Don't waste time on things that are not the core of your idea.

Auth0 takes authentication out of your way. Auth0 allows you to connect with +10 identity providers: Amazon, Google, Facebook, Twitter, LiveID, GitHub, 37Signals, PayPal, LinkedIn, Yandex, Fitbit. It also provides a ready to use username/password store (including signup and forgot password flow). It all works out of the box with just a few lines of code.

Quick Start in 3 easy steps:

1. Create a free account in Auth0

Continue →

WS-Federation has been supported in Auth0 for quite some time. After all, it is the protocol used by SharePoint, MS-CRM, Rights Management Server, all of them supported by Auth0 from the very beginning. Not surprisignly, WS-Fed is primarly a Microsoft centered protocol.

We have now opened up the protocol to any app, by adding a WS-FED application type. We expect it will be used mostly by developers in the Microsoft platform using Windows Identity Foundation.

With this, you can do protocol transition between WS-Fed and any of the supported identity providers in Auth0 regardless of what protocol they implement: SAML-P, OpenID, OAuth2, OAuth1, databases, etc.

Continue →

In this post, I'll show you how easy it is with Auth0 to get an app running on Heroku, authenticating users with Google, Salesforce and more traditional Usernames & Passwords.

Check the link at the end of the post for the complete source of the example.

Auth0 ships SDKs for all popluar dev platforms, but for this tutorial I will use a very simple node.js application. If you are a Rails developer, check out our Rails tutorial

I'll also use OpenID Connect as the underlying protocol.

Continue →

We recently released a much improved visualization for Auth0's user log. Auth0 keeps track of many important events related to your users activity: successful logins, unsuccessful attempts, date & time of access, location, OS & browser version, among others.

You can browse all these details under the users section in the dashboard.

Here's a quick demo:

Continue →

We are moving from the deprectad Google Apps Provisioning API to the new Google Apps Directory API.

__This will affect you only if you are using Google Apps and the /users endpoints of Auth0.

Continue →

Auth0 is now available on Heroku as an add-on (private beta for now), making it incredibly easy to add Enterprise SSO, Consumer Logins, Directories queries, user access audit and many advanced identity management to any app hosted there. See here for a complete list of supported identity providers in Auth0: Consumer and Enterprise.

A 3 min video is worth 1,000,000 words. Take a look:

Continue →

A few days ago we released integration between Auth0 and New Relic. You can now login to New Relic with your Github, Google, Amazon, Twitter, Active Directory or LDAP accounts. See here for a complete list of supported identity providers in Auth0: Consumer and Enterprise.

As with other integrations we have published, setup takes just a few minutes and it is straight-forward:

Add New Relic from the dashboard:

Continue →