Normalized User Profile Schema

The attributes that Auth0 maps to a common schema are listed below.

Fields that are always generated:

  • name: the user's full name.
  • nickname: the user's username if available, else the local-part of the user's email.
  • picture: the URL of the user's picture. If unavailable, Auth0 uses the Gravatar image associated with the user's email address.
  • user_id: the user's unique identifier. This is unique per Connection, but the same for all apps that authenticate via that Connection.

By default, a user's name, nickname, and picture attributes provided by identity providers other than Auth0 (such as Google, Facebook, Twitter) are not directly editable since they are updated from the identity provider each time a user logs in. If you want to be able to edit these attributes, you must configure your connection sync with Auth0 so that user attributes will be updated from the identity provider only on user profile creation. Root attributes will then be available to be edited individually or by bulk import using the Management API.

Fields that are generated when the details are available:

  • email: the user's email address.
  • email_verified: a boolean indicating if the user's email address has been verified.
  • given_name: the user's first name.
  • family_name: the user's last name.

When creating a user with the Create a User endpoint of the Management API, you can submit the given_name and family_name. By default, a user's given_name and family_name attributes provided by identity providers other than Auth0 (such as Google, Facebook, Twitter) are not directly editable since they are updated from the identity provider each time a user logs in. If you want to be able to edit these attributes, you must configure your connection sync with Auth0 so that user attributes will be updated from the identity provider only on user profile creation. Root attributes will then be available to be edited individually or by bulk import using the Management API.

Custom Databases

If you are writing a login script for a custom database, you are responsible for returning the information in the user profile. A unique and immutable user_id property is mandatory to correctly identify the user (see Uniquely Identify Users).

Additional Attributes

The User Profile includes an array of identities. In the most common case (logging in with a single provider), the array contains only one element. If the user has multiple accounts linked, the array will have an element for each associated account.

For more information, see: Link Accounts.

The identities array contains the following attributes:

  • connection: the name of the connection.
  • isSocial: indicates if the provider is a Social provider.
  • provider: the provider of the connection.
  • user_id: the unique identifier of the user for this connection.

Auth0 will pass to your app all other properties supplied by the identity provider, even those that are not mapped to the standard attributes listed above.
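
A check of a received profile against the schema described above, as an added example that is not Auth0's own code. `validateProfile`, `verifiedEmail` and both sample profiles are hypothetical names and constructed data; the example assumes the app receives the profile as a plain JavaScript object.

```javascript
// Added example: validateProfile, verifiedEmail and both sample profiles are
// hypothetical names and constructed data, not part of any Auth0 SDK.
const ALWAYS_GENERATED = ['name', 'nickname', 'picture', 'user_id'];
const IDENTITY_ATTRS = ['connection', 'isSocial', 'provider', 'user_id'];
const nonEmptyString = (v) => typeof v === 'string' && v.length > 0;
// Returns a list of schema violations; an empty list means the profile conforms.
function validateProfile(profile) {
  const errors = [];
  for (const field of ALWAYS_GENERATED) {
    if (!nonEmptyString(profile[field])) errors.push(`missing or empty ${field}`);
  }
  // The string "false" is truthy in JavaScript, so a loosely typed value
  // would pass an `if (profile.email_verified)` check. Require a boolean.
  if ('email_verified' in profile && typeof profile.email_verified !== 'boolean') {
    errors.push('email_verified is not a boolean');
  }
  if (!Array.isArray(profile.identities) || profile.identities.length === 0) {
    errors.push('identities must be a non-empty array');
    return errors;
  }
  profile.identities.forEach((identity, i) => {
    if (typeof identity !== 'object' || identity === null) {
      errors.push(`identities[${i}] is not an object`);
      return;
    }
    for (const attr of IDENTITY_ATTRS) {
      if (!(attr in identity)) errors.push(`identities[${i}] lacks ${attr}`);
    }
  });
  return errors;
}
// Hands back the address only when it is explicitly marked verified.
function verifiedEmail(profile) {
  const ok = profile.email_verified === true && nonEmptyString(profile.email);
  return ok ? profile.email : null;
}

// Constructed sample data.
const conforming = {
  name: 'Jane Doe', nickname: 'jane', picture: 'https://example.com/jane.png',
  user_id: 'example|1234', email: 'jane@example.com', email_verified: true,
  identities: [{ connection: 'example', isSocial: false, provider: 'example', user_id: '1234' }],
};
const malformed = {
  name: 'Jane Doe', nickname: 'jane', picture: 'https://example.com/jane.png',
  email: 'jane@example.com', email_verified: 'false',
  identities: [{ connection: 'example', isSocial: false, user_id: '1234' }],
};
console.log(validateProfile(conforming), validateProfile(malformed));
```

The malformed sample omits the mandatory user_id, carries email_verified as a string, and has an identity without provider, so all three are reported.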
