Docs

Delegation Tokens

New Universal Login Experience

Auth0's New SAMLUniversal Login Experience provides a reimagined login flow, with a fresh UX design, and lightweight pages. When you pick this new experience, Auth0 will use it for all pages that haven't been customized. It can be enabled from the Universal Login Settings dashboard section:

Login Page

The key structural difference with the Classic Experience is that while the former uses Javascript widgets in all the pages, the New Experience is rendered on the server and does not require Javascript.

From a functional perspective, it has much better support for Localization, a better MFA experience, and several improvements across all pages. The New Experience is being actively developed, so new features are regularly added. However, there is still a feature gap with the Classic Experience, and some pages in the New Experience have certain differences detailed below.

How to get a delegation token

Login

  • If you are using Development Keys for Social Providers:

    • scopeSingle Sign-on (SSO) and Silent Authentication will work properly, which does not happen in the Classic Experience.

    • Users will see a warning in the login page mentioning that the tenant is configured with Development Keys.

  • A button will be rendered for each social and enterprise connection.

  • A 'show password' icon will be displayed next to the password field.

  • If you redirect users to the /login page directly, they will get a error unless they have configured the default login route. You should always redirect users to the proper authorization request endpoint (e.g. /authorize if you are using OpenID Connect).

Auth0.js Example

Multi-Factor Authentication

  • If users have more than one multi-factor authentication (MFA) factor enrolled (e.g., SMS and Push notifications), the new MFA page will let the user select which one they want to use.

  • You can use Email as an MFA factor.

  • If you are using the Guardian SDK to create your own native application to handle Push Notifications, you can configure the name of the application and the URLs to download them in the "Push via Auth0 Guardian" option in the MFA Dashboard > MFA section.

  • If you have a rule that sets the MFA provider to google-authenticator you need to enable the OTP factor in the Dashboard > MFA section.

Validity Period and Termination

Password Reset

  • In the Classic Experience you can configure a url to redirect users after completing the password reset. The URL will receive a success indicator and a message. The New Experience will redirect the users to the default login route when it succeeds, and will handle the error cases as part of the Universal Login flow. The Redirect URL in the email template will be ignored.

  • A 'show password' icon will be displayed next to the password fields.

  • If the Database Connection is set to 'Require Username', the password reset flow will ask the user for the username and send an the password reset email to the associated email address.

Using Delegation Tokens with Public Applications

Email Verification

  • After user clicks in the email verification link, they'll get redirected to a page that will confirm that their email is verified. If the default login route is configured, users will be able to click a button and get redirected to it.
  • The logo and colors selected in the dashboard configuration section will be properly applied.

Custom DB Connections

When using Custom DB Connections:

  • The password reset flow will function properly even if you return errors from the change password script.
  • The errors returned in ValidationErrors or WrongUsernameOrPasswordError will be displayed in the corresponding pages.

Internationalization

Branding

  • You can configure the favicon URL and a custom font URL by using the Branding API.

Implement Universal Login

For detailed instructions on setting up your application to use Universal Login, check out our Quickstart guides and choose the one that best fits your chosen technologies. The Quickstart guides will walk you through all of the implementation steps.