Skip to content

Instantly share code, notes, and snippets.

View nicosabena's full-sized avatar

Nico Sabena nicosabena

19 followers · 0 following
  • Auth0, Inc.
  • Seattle greater area, WA
View GitHub Profile
@nicosabena
nicosabena / force_single_connection_no_ui.html
Created December 2, 2023 00:01
Auth0 "classic" hosted login page that takes the user to a specific connection to authenticate
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<title>Sign In with Auth0</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
</head>
<body>
@nicosabena
nicosabena / hosted login page with password and passwordless.html
Last active March 21, 2023 17:05
Password and passwordless login options
<!--
This shows how you can have both a regular Lock or Passwordless Lock in the
hosted login page, and decide between the two based on some logic (e.g. like
based on the clientID, see the "usePasswordless" variable at the bottom of this code).
If your applications have both DB and passwordless connections
enabled, you could also present the option to the user (e.g. with a couple of buttons)
and then show the proper widget based on the user's selection.
-->
@nicosabena
nicosabena / azure-ad-groups.js
Last active March 3, 2022 18:48
Auth0 rule to get user groups from Azure AD
// This rule will get the groups for users coming from Azure AD
// Auth0 already has the option to do that, but it (currently) won't work
// if the user is coming from a different directory than the directory
// where the app is registered (this can happen with multi-tenant apps).
// It uses the access_token provided by Azure AD, so this needs
// the 'Open ID Connect' protocol selected in the Azure AD connection.
//
// After the rule runs, you will have the 'groups' property in the user
// that you can use to add custom claims to the id_token.
//
@nicosabena
nicosabena / restrict_scopes_in_rule.js
Last active August 13, 2021 20:09
function (user, context, callback) {
function getAllowedScopes(audience, clientID) {
// openid profile email are OIDC scopes
// real code would calculate allowedScopes based on
// contextual information like audience,
// context.clientID, context.clientName, context.connection, user
let allowedScopes = ["openid","profile","email","read:timesheets"];
return allowedScopes;
}
@nicosabena
nicosabena / Configure WS-Fed generated attributes.js
Last active December 4, 2020 17:08
Rule to configure claims for the WS-Fed Add on token generated by Auth0
function (user, context, callback) {
// only apply changes for the WS-Fed application
if (context.clientName !== 'Your ws-fed application name') {
return callback(null, user, context);
}
// exclude the upn claim creation (defaults to true)
context.samlConfiguration.createUpnClaim = false;
@nicosabena
nicosabena / smaller-header-hlp.html
Created November 6, 2020 23:19
Decrease Lock's header for mobile devices in HLP
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<title>Sign In with Auth0</title>
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=0" />
<style type="text/css">
/* completely hide the header
@nicosabena
nicosabena / embedded-lock-test.html
Created October 29, 2020 22:24
embedded-lock-test.html
<!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML>
<HEAD>
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" integrity="sha384-1q8mTJOASx8j1Au+a5WDVnPi2lkFfwwEAa8hDDdjZlpLegxhjVME1fgjWPGmkzs7" crossorigin="anonymous">
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap-theme.min.css" integrity="sha384-fLW2N01lMqjakBkx3l/M9EahuwpSfeNvV63J5ezn3uZzapT0u7EYsXMjQV+0En5r" crossorigin="anonymous">
<TITLE>
Hello World
</TITLE>
<style>
@nicosabena
nicosabena / redirect-rule.js
Last active September 2, 2020 20:08
Redirect rule + webtask to do a reCaptcha after authentication
function (user, context, callback) {
// this rule requires the following configuration values:
// CAPTCHA_SECRET: a 32 bytes string that will be the shared secret between
// the rule and the webtask
// AUTH0_DOMAIN: your auth0 domain (e.g. account.auth0.com)
// CAPTCHA_REDIRECT: the URL for the webtask that will show and process CAPTCHA
// Put a specific client ID if you dont want CAPTCHA for every client
// if (context.clientID !== '[your client id]')
@nicosabena
nicosabena / Lock-with-extra-button.html
Last active January 28, 2020 20:51
Show how to add an extra button to Lock
<!--
This example how you can add an extra button to Lock to directly
force an authentication with an enterprise connection (instead of relying
on Lock's home realm discovery with the email domain).
Warning: This is provided "as-is". It relies on Lock's current DOM structure, which
might change in future versions without previous warning and break this solution.
If you want buttons for your enterprise connections, a better idea is to
use the "New" Universal Login experience instead, which provides these
@nicosabena
nicosabena / delete_grants_after_password_change.js
Last active June 18, 2019 20:45
This rule delete all user grants on the next user token request after a password change
async function (user, context, callback) {
// this rule will run after a user changes their password and
// delete, for the user, either:
// - all grants (for OIDC-Conformant usage)
// - all device credentials (for non OIDC-Conformant apps)
// These actions will effectively invalidate all issued refresh tokens
// on the next token request (be it an interactive login
// or a refresh token flow).
// It compares a user's last_password_rest property
// against an "app_metadata.last_revoke" property used