Nico Sabena nicosabena
nicosabena
/ Startup-for-OIDC-HS256.cs
Last active
October 28, 2016 12:07
ASP.Net Core startup settings for Auth0 OIDC with HS256 signed tokens
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using Microsoft.AspNetCore.Authentication.Cookies; | |
| using Microsoft.AspNetCore.Builder; | |
| using Microsoft.AspNetCore.Hosting; | |
| using Microsoft.AspNetCore.Http; | |
| using Microsoft.Extensions.Configuration; | |
| using Microsoft.Extensions.DependencyInjection; | |
| using Microsoft.Extensions.Logging; | |
| using Microsoft.Extensions.Options; | |
| using Microsoft.IdentityModel.Tokens; |
nicosabena
/ azure-ad-groups-with-client-credentials.js
Created
July 6, 2018 14:55
Auth0 rule to retrieve Azure AD groups on login
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // This rule will get the groups for users coming from Azure AD | |
| // Auth0 already has the option to do that, but it (currently) won't work | |
| // if the user is coming from a different directory than the directory | |
| // where the app is registered (this can happen with multi-tenant apps). | |
| // This is a variation that gets an access token for Azure AD using the | |
| // client-credential grants instead of using the access token given to the user. | |
| // It's useful if a new access token from Azure AD is not obtained every time the rule runs, | |
| // or if WS-Federation is used instead of OIDC. | |
| // | |
| // After the rule runs, you will have the 'groups' property in the user |
nicosabena
/ cookie-check-hosted-login-page.html
Created
March 6, 2019 19:40
An Auth0 hosted login page that will check if cookies are enabled before showing Lock
nicosabena
/ single-connection-hlp.html
Created
March 6, 2019 20:19
An Auth0 hosted login page with logic to take the user directly to a single upstream connection. Good options for tenants that have only one connection enabled.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE html> | |
| <!-- | |
| This hosted login page will go directly to a single upstream identity provider | |
| instead of showing Lock. It's a good choice for tenants that have only one | |
| connection enabled, or for individual applications with just one connection | |
| (in which case, the logic to decide to go directly to the idp needs to | |
| be changed, see below). | |
| It still keeps Lock if you do `prompt=login`, just in case. | |
| --> |
nicosabena
/ delete_grants_after_password_change.js
Last active
June 18, 2019 20:45
This rule delete all user grants on the next user token request after a password change
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| async function (user, context, callback) { | |
| // this rule will run after a user changes their password and | |
| // delete, for the user, either: | |
| // - all grants (for OIDC-Conformant usage) | |
| // - all device credentials (for non OIDC-Conformant apps) | |
| // These actions will effectively invalidate all issued refresh tokens | |
| // on the next token request (be it an interactive login | |
| // or a refresh token flow). | |
| // It compares a user's last_password_rest property | |
| // against an "app_metadata.last_revoke" property used |
nicosabena
/ Lock-with-extra-button.html
Last active
January 28, 2020 20:51
Show how to add an extra button to Lock
nicosabena
/ redirect-rule.js
Last active
September 2, 2020 20:08
Redirect rule + webtask to do a reCaptcha after authentication
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function (user, context, callback) { | |
| // this rule requires the following configuration values: | |
| // CAPTCHA_SECRET: a 32 bytes string that will be the shared secret between | |
| // the rule and the webtask | |
| // AUTH0_DOMAIN: your auth0 domain (e.g. account.auth0.com) | |
| // CAPTCHA_REDIRECT: the URL for the webtask that will show and process CAPTCHA | |
| // Put a specific client ID if you dont want CAPTCHA for every client | |
| // if (context.clientID !== '[your client id]') |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"> | |
| <HTML> | |
| <HEAD> | |
| <meta name="viewport" content="width=device-width, initial-scale=1"> | |
| <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" integrity="sha384-1q8mTJOASx8j1Au+a5WDVnPi2lkFfwwEAa8hDDdjZlpLegxhjVME1fgjWPGmkzs7" crossorigin="anonymous"> | |
| <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap-theme.min.css" integrity="sha384-fLW2N01lMqjakBkx3l/M9EahuwpSfeNvV63J5ezn3uZzapT0u7EYsXMjQV+0En5r" crossorigin="anonymous"> | |
| <TITLE> | |
| Hello World | |
| </TITLE> | |
| <style> |
nicosabena
/ smaller-header-hlp.html
Created
November 6, 2020 23:19
Decrease Lock's header for mobile devices in HLP
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE html> | |
| <html> | |
| <head> | |
| <meta charset="utf-8"> | |
| <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"> | |
| <title>Sign In with Auth0</title> | |
| <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=0" /> | |
| <style type="text/css"> | |
| /* completely hide the header |
nicosabena
/ Configure WS-Fed generated attributes.js
Last active
December 4, 2020 17:08
Rule to configure claims for the WS-Fed Add on token generated by Auth0
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function (user, context, callback) { | |
| // only apply changes for the WS-Fed application | |
| if (context.clientName !== 'Your ws-fed application name') { | |
| return callback(null, user, context); | |
| } | |
| // exclude the upn claim creation (defaults to true) | |
| context.samlConfiguration.createUpnClaim = false; | |
OlderNewer