An application is one of the core concepts in Auth0. It’s also usually your starting point. Registering your app with Auth0 allows you to log users in automatically in multiple ways (more on that later). You can change the way your users authenticate later on, without changing your app.
During the process of setting up an application in Auth0, you probably came across the reference to Lock. Lock is the easiest way to integrate Auth0-managed authentication into your application. You get a beautiful hosted and embeddable login form with a fully customizable look and feel – and it displays perfectly on any device at any resolution. It’s at about this point most developers wish they’d known about Auth0 earlier!
So you have an app…how about some users? Let’s start with the simplest form: a username and a password. It’s like the meat and potatoes of authentication. Auth0 provides database connections to authenticate users with an email/username and a password and securely store these credentials in the Auth0 user store, or in your own database.
One of the quickest ways to get up and running, particularly for new apps, is to allow users to register and authenticate with a username and password, which are stored securely in an Auth0 database in your account.
Of course, you may already have a database of existing user credentials which lives somewhere else and you wish to continue using it – maybe it’s MySQL, MongoDB, SQL Server or something else. Auth0 supports virtually any custom user credentials store. For this, you use Auth0’s Custom Database feature.
Often there’s the situation where you want the best of both worlds – you have an existing database full of user credentials, but you’d prefer to utilise Auth0’s database for the security peace of mind and to free up the cost of infrastructure and/or licensing used for your existing database. In this case, you can use the “import users to Auth0” option to automatically migrate users over time. You’re welcome 😉
Users will be migrated automagically as they log in. This way, no expensive bulk migration project is needed. You never need to shut down your system and, best of all, you won’t need to reset user passwords.
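The migrate-on-login flow described above, as an added example (not Auth0's code or API): the stores, function names and the legacy hashing scheme (unsalted SHA-256) are assumptions made for illustration. It shows why no password reset is needed, and why the new store must become authoritative once a user has been migrated.

```javascript
const crypto = require('crypto');

// Constructed sample data. Assumption: the legacy store holds unsalted SHA-256 hex digests.
const sha256 = (s) => crypto.createHash('sha256').update(s).digest();
const legacyDb = new Map([['alice@example.com', sha256('correct horse').toString('hex')]]);
const newDb = new Map(); // email -> { salt, hash }, hashed with scrypt

const scrypt = (password, salt) => crypto.scryptSync(password, salt, 32);

function verifyLegacy(email, password) {
  const stored = legacyDb.get(email);
  if (!stored) return false;
  const expected = Buffer.from(stored, 'hex');
  const actual = sha256(password);
  // timingSafeEqual throws on length mismatch, so check the length first.
  return expected.length === actual.length && crypto.timingSafeEqual(actual, expected);
}

function login(email, password) {
  const record = newDb.get(email);
  if (record) {
    // Once a user is in the new store it is authoritative: never fall back to
    // the legacy hash, or an old password would keep working after a change.
    const ok = crypto.timingSafeEqual(scrypt(password, record.salt), record.hash);
    return { ok, source: 'new' };
  }
  if (!verifyLegacy(email, password)) return { ok: false, source: 'legacy' };
  // The plaintext is only available at this moment, so re-hash it now with a
  // salted KDF. This is what makes a password reset unnecessary.
  const salt = crypto.randomBytes(16);
  newDb.set(email, { salt, hash: scrypt(password, salt) });
  return { ok: true, source: 'legacy' };
}

function changePassword(email, newPassword) {
  // Password changes are written to the new store only.
  const salt = crypto.randomBytes(16);
  newDb.set(email, { salt, hash: scrypt(newPassword, salt) });
}
```

A failed legacy check migrates nothing, so wrong guesses never create records in the new store.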
If you’re looking for more than the meat and potatoes approach, the next common step for B2C apps is to enable Social Connections. Luckily, it’s as easy as flicking a switch. We mean that literally.
You might want to register your instance of Auth0 with each social network so you can customize and personalize the login experience further.
Almost everybody has various social network accounts – we’re on Facebook, Twitter, LinkedIn, GitHub and many others. A clever application can recognize the same user even when they log in on different occasions with these various social profiles. A clever developer uses Auth0’s user account linking to sort it out.
B2C apps can live or die based solely on the user experience. If you can’t present relevant content or messaging quickly, users tune out. The key to relevant content can be knowing your users. Auth0 includes a powerful rules engine which can be used (among other things) to enhance user profiles right there in the authentication flow.
As B2C apps mature, they need more mature functionality. The passwordless authentication feature can be used for both streamlining the login process (forgetting passwords becomes a thing of the past) and providing step-up MFA when a more sensitive action is requested by a user, such as changing profile information or processing a payment.