auth0

Getting “Callback URL mismatch” with Auth0

只谈情不闲聊 submitted on 2019-12-07 08:32:44
Question: I have an Auth0 client that's configured with the following callback URL: http://localhost:4200. I can log in just fine. The problem is when I navigate to a certain URL in my app: http://localhost:4200/places. Here's what happens:
1. I navigate to http://localhost:4200/places
2. Angular redirects me (correctly) to http://localhost:4200
3. I try to log in
4. I get an error from Auth0 saying "The url "http://localhost:4200/places" is not in the list of allowed callback URLs".
Auth0 is right, http:/

NestJS Authentication with Auth0 via `passport-jwt`

寵の児 submitted on 2019-12-07 07:44:50
Question: I'm trying to create a NestJS project that uses Auth0 for authentication, with the passport-jwt library (in conjunction with @nestjs/passport), though I am unable to get it to work. I'm not sure where I'm going wrong. I've read the docs over and over again but still can't find the problem. Code
/src/auth/jwt.strategy.ts
import { Injectable, UnauthorizedException } from '@nestjs/common';
import { PassportStrategy } from '@nestjs/passport';
import { ExtractJwt, Strategy } from 'passport-jwt';

Secure API with Azure AD/B2C users

倖福魔咒の submitted on 2019-12-07 05:40:52
Question: My use case is:
- Create users via API with custom fields, nominated password using any email address
- Update/disable those users via API
- 'Sign in' to Azure AD app with user details via REST API to obtain token
- Make authorised requests to Web API when token passed in HTTP header
Can all of this be achieved with straight Azure AD/B2C or should I be looking at some other identity provider e.g. IdentityServer/Auth0? Edit 1 I'm getting very confused between AAD apps/users and B2C apps/users, there

How to check for custom OpenID claim in an IAM role's trust policy?

社会主义新天地 submitted on 2019-12-07 04:49:47
Question: I am authenticating users with auth0 to receive an id token containing the following claim: "http://myapp.com/scope": "write". Using a Cognito identity pool with an OpenID authentication provider (namely, auth0), I am able to successfully get temporary credentials to access AWS services. However, I want to restrict access to these services based on my custom claim above. I believe the proper way to do this is by editing the trust policy associated with my identity pool, but I am not sure how to

How is angular-jwt decoding my JWT without a secret?

我们两清 submitted on 2019-12-06 20:59:44
Question: The Auth0 team created something called "angular-jwt" which has a jwtHelper class. This thing successfully decodes a local JWT without the secret I used on the server. How did this happen? If they are not secure, then what is the point of using a secret to sign/encrypt them? Function on the server that encrypts the token (using "jsonwebtoken"):
function createToken (user) {
  return jwt.sign(_.omit(user, 'password'), config.secret, { expiresInMinutes: 60*5 });
}
Code from the client: angular

How to generate AndroidManifest.xml from a react-native app created with react-native init

纵然是瞬间 submitted on 2019-12-06 18:52:46
Question: I used react-native init to create my react application. I'm trying to tie in auth0 and the auth0 documentation is saying I need something from the AndroidManifest.xml. The problem is that react-native init didn't create "android/app/src/main/AndroidManifest.xml" during the process. How does this get created and tie into my react-native app?
Answer 1: I am doing the same thing and had to hunt around for it, but after I did a react-native run-android I found that very file in the following folder:

Auth0 Angular 2 sso single sign on

不羁岁月 submitted on 2019-12-06 16:21:59
Question: I have just started playing around with auth0 and I am trying to create a proof of concept. I am trying to create a single sign on solution in Angular 2. Can anyone point me to any example code that does this?
Answer 1: Try this example. This gives a basic application with Auth0 service.
Answer 2: I know it is an old question, but if anyone is looking for the solution then: GitHub repo example of SSO in Angular 2, and a detailed explanation of this example. https://auth0.com/blog/angular-2-authentication/

Single Sign On (SSO) solution/architecture for Single Page App (SPA)

梦想与她 submitted on 2019-12-06 09:17:48
Question: I've been investigating SSO solutions for SPAs for some time. There are a lot of solutions with subtle differences, while I also found that not really everyone has the same understanding of SSO and not many established patterns of SSO for SPAs are out there. Thus I'm not asking for a detailed design/architecture, but just trying to see if there's any common practice on this topic. What do I mean by SSO? We have a few new SPAs under development (also potentially mobile and tablet apps), which will be

Include user_metadata and app_metadata in JWT using Auth0

坚强是说给别人听的谎言 submitted on 2019-12-06 08:12:38
I am using Angular 2 and Auth0 for authentication on my web app. I am able to get the user profile using the following code:
auth0 = new auth0.WebAuth({
  domain: 'MY-DOMAIN',
  clientID: 'MY-CLIENT-ID',
  callbackURL: 'MY-CALLBACK',
  responseType: 'token id_token'
});
Login:
public login(username: string, password: string): void {
  this.auth0.client.login({
    realm: 'Username-Password-Authentication',
    username,
    password
  }, (err: any, authResult: any) => {
    if (err) {
      alert('Error: ' + err.description);
      return;
    }
    if (authResult && authResult.idToken && authResult.accessToken) {
      this.setUser(authResult);

Why can I easily decode auth0 id_token on jwt.io?

梦想与她 submitted on 2019-12-06 02:23:41
Question: Okay, I'm developing an Angular 2 app. I've added auth0 authentication, but to me it handles sessions very insecurely. The JWT token is not encrypted and is saved inside localStorage. The claims are visible to anyone; they can easily be decoded and revealed. Not to mention, Web Storage itself isn't a secure place. I'm opting for JWTs because later I want to transform this web app into a desktop app with Electron and so I cannot use cookie-sessions. My users will have additional information such as