In this screencast we'll look at how to set up username- and password-based authentication in Auth0. There are two general ways of storing users and passwords: using Auth0's database servers, or connecting to your own database on your servers. Using Auth0's servers is preferred because it's the most secure option and it's the simplest to use. The option to connect to your own servers is available primarily to support migration from your servers to Auth0 and to support legacy systems. We'll cover this topic further in a future screencast.
When you first create an account in Auth0, a default database connection is set up for you. You can see the default connection by clicking connections and database in the navigation menu. You can create a new database connection by clicking the new database connection button, but for now we'll just click on the username password authentication link, which will allow us to review the default configuration and make changes if desired.
There are just a few simple configuration options, which we'll go over briefly. If you'd like to store a username in addition to an email address, you can enable the requires username option. The import users to Auth0 option is for when you have an existing set of users that you wish to migrate over to Auth0. The way this works is that you set up a connection to your database through Auth0, and then, as users log in, a simple script verifies the user and password in your existing database and saves the user and password in Auth0. After all your users have logged in once with Auth0, you've effectively migrated your users. The disable signups option prevents users from signing up on their own. In this scenario you'd need to either manually create the user from the Auth0 dashboard or create the user using the Auth0 API. The improved brute force protection option limits the number of failed login attempts for a particular account from a particular IP address.
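The import-on-login flow described above, simulated in memory as an added example (not code from the screencast or from Auth0). The `login(email, password, callback)` function follows the callback shape of an Auth0 custom database login script; `legacyDb`, `authenticate`, the scrypt hashing and all sample values are constructed assumptions.

```javascript
// Added example: lazy ("import users") migration, simulated in memory.
const crypto = require('node:crypto');

// Constructed legacy record: salted scrypt hash, as the old system might store it.
const hash = (pw, salt) => crypto.scryptSync(pw, salt, 32);
const salt = Buffer.from('constructed-salt');
const legacyDb = new Map([
  ['alice@example.com', { id: 42, salt, hash: hash('correct horse battery', salt) }],
]);

// Stand-in for the error type Auth0 provides inside database action scripts.
class WrongUsernameOrPasswordError extends Error {}

let legacyLookups = 0; // counts how often the old database is consulted

// Login script shape: verify against the legacy store, return a profile.
function login(email, password, callback) {
  legacyLookups++;
  const row = legacyDb.get(email);
  // Hash even when the user is unknown so both failure paths cost the same.
  const candidate = hash(password, row ? row.salt : salt);
  const ok = row !== undefined && crypto.timingSafeEqual(candidate, row.hash);
  if (!ok) return callback(new WrongUsernameOrPasswordError(email));
  callback(null, { user_id: String(row.id), email });
}

// Hypothetical model of the hosted side: own store first, legacy script on a miss.
const migrated = new Map();
function authenticate(email, password) {
  const known = migrated.get(email);
  if (known) {
    const same = crypto.timingSafeEqual(hash(password, known.salt), known.hash);
    return same ? known.profile : null;
  }
  let result = null;
  login(email, password, (err, profile) => {
    if (err) return; // failed logins are never imported
    const s = crypto.randomBytes(16);
    migrated.set(email, { salt: s, hash: hash(password, s), profile });
    result = profile;
  });
  return result;
}
```

Until a user's first successful login, the legacy database remains a live authentication path for that account, so it needs the same monitoring and protection as before the migration started.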
You can specify the minimum password strength required for your users by clicking on the password strength link and adjusting the level as appropriate for your application. We'll go ahead and change our password strength to good and save the settings. Now we can test this out by clicking the try connection link, which will open a new browser window that displays the Auth0 Lock. I'll go ahead and click sign up and create a new user account. When I start typing the password, Lock shows us the password requirements based on what we just set up for password strength. After we click the sign up button, we'll get forwarded to a page that confirms we're able to set up the new user. This page also shows us the user's profile information that will be made available to your application.
Stay tuned for the next screencast, where we'll write a small app that will use social and database connections with Lock.