This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<!DOCTYPE html> | |
<html> | |
<head> | |
<meta charset="utf-8"> | |
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"> | |
<title>Sign In with Auth0</title> | |
<meta name="viewport" content="width=device-width, initial-scale=1.0" /> | |
</head> | |
<body> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<!-- | |
This shows how you can have both a regular Lock or Passwordless Lock in the | |
hosted login page, and decide between the two based on some logic (e.g. like | |
based on the clientID, see the "usePasswordless" variable at the bottom of this code). | |
If your applications have both DB and passwordless connections | |
enabled, you could also present the option to the user (e.g. with a couple of buttons) | |
and then show the proper widget based on the user's selection. | |
--> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// This rule will get the groups for users coming from Azure AD | |
// Auth0 already has the option to do that, but it (currently) won't work | |
// if the user is coming from a different directory than the directory | |
// where the app is registered (this can happen with multi-tenant apps). | |
// It uses the access_token provided by Azure AD, so this needs | |
// the 'Open ID Connect' protocol selected in the Azure AD connection. | |
// | |
// After the rule runs, you will have the 'groups' property in the user | |
// that you can use to add custom claims to the id_token. | |
// |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
function (user, context, callback) { | |
function getAllowedScopes(audience, clientID) { | |
// openid profile email are OIDC scopes | |
// real code would calculate allowedScopes based on | |
// contextual information like audience, | |
// context.clientID, context.clientName, context.connection, user | |
let allowedScopes = ["openid","profile","email","read:timesheets"]; | |
return allowedScopes; | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
function (user, context, callback) { | |
// only apply changes for the WS-Fed application | |
if (context.clientName !== 'Your ws-fed application name') { | |
return callback(null, user, context); | |
} | |
// exclude the upn claim creation (defaults to true) | |
context.samlConfiguration.createUpnClaim = false; | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<!DOCTYPE html> | |
<html> | |
<head> | |
<meta charset="utf-8"> | |
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"> | |
<title>Sign In with Auth0</title> | |
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=0" /> | |
<style type="text/css"> | |
/* completely hide the header |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"> | |
<HTML> | |
<HEAD> | |
<meta name="viewport" content="width=device-width, initial-scale=1"> | |
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" integrity="sha384-1q8mTJOASx8j1Au+a5WDVnPi2lkFfwwEAa8hDDdjZlpLegxhjVME1fgjWPGmkzs7" crossorigin="anonymous"> | |
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap-theme.min.css" integrity="sha384-fLW2N01lMqjakBkx3l/M9EahuwpSfeNvV63J5ezn3uZzapT0u7EYsXMjQV+0En5r" crossorigin="anonymous"> | |
<TITLE> | |
Hello World | |
</TITLE> | |
<style> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
function (user, context, callback) { | |
// this rule requires the following configuration values: | |
// CAPTCHA_SECRET: a 32 bytes string that will be the shared secret between | |
// the rule and the webtask | |
// AUTH0_DOMAIN: your auth0 domain (e.g. account.auth0.com) | |
// CAPTCHA_REDIRECT: the URL for the webtask that will show and process CAPTCHA | |
// Put a specific client ID if you dont want CAPTCHA for every client | |
// if (context.clientID !== '[your client id]') |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
async function (user, context, callback) { | |
// this rule will run after a user changes their password and | |
// delete, for the user, either: | |
// - all grants (for OIDC-Conformant usage) | |
// - all device credentials (for non OIDC-Conformant apps) | |
// These actions will effectively invalidate all issued refresh tokens | |
// on the next token request (be it an interactive login | |
// or a refresh token flow). | |
// It compares a user's last_password_rest property | |
// against an "app_metadata.last_revoke" property used |
NewerOlder