IdP initiated login:
IdP initiated logout:
How is it initiated?
Once initiated, sends the logout request to the callback URL configured at SAML addon callback setting.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function (user, context, callback) { | |
| var CLIENTS_WITH_MFA = ['REPLACE_WITH_YOUR_CLIENT_ID']; | |
| // run only for the specified clients | |
| if (CLIENTS_WITH_MFA.indexOf(context.clientID) !== -1) { | |
| // uncomment the following if clause in case you want to request a second factor only from user's that have user_metadata.use_mfa === true | |
| // if (user.user_metadata && user.user_metadata.use_mfa){ | |
| context.multifactor = { | |
| //required |
saltukalakus
/ AddMetadataBasic.md
Last active
May 12, 2020 13:11
Signing in from the enterprise and social connections with metadata available starting from the first login (a.k.a signup)
- We have an app that the users can log in only with a few selected social and the enterprise connections. These users should have a specific app_metadata and user_metadata starting from the first login.
1-) Creaate a regular Auth0 DB connection with signup option turned off. Let's assume it's named as Auth0DBInitialMetadata.
2-) Set a rule which prevents login in with the Auth0 DB connection above. So that this connection isn't used for login directly unintentionally.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function login(email, password, callback) { | |
| const mysql = require('mysql@2.18.1'); | |
| const bcrypt = require('bcrypt'); | |
| const azureCa = "-----BEGIN CERTIFICATE-----\nMIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9aMQswCQYDVQQGEwJJ\n....\nR9I4LtD+gdwyah617jzV/OeELqYzmp\n-----END CERTIFICATE-----\n"; | |
| const connection = mysql.createConnection({ | |
| host: configuration.DbHost, | |
| user: configuration.DbUser, | |
| password: configuration.DbPassword, | |
| database: configuration.DbName, |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "allowed_clients": [], | |
| "allowed_logout_urls": [ | |
| "https://##ENV##.myapp.com/logout" | |
| ], | |
| "allowed_origins": [ | |
| "https://##ENV##.myapp.com/" | |
| ], | |
| "app_type": "spa", | |
| "callbacks": @@example-app-redirect-uri@@, |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* globals require, configuration */ | |
| /** | |
| * This script will be executed when the user wishes to change their password to test if the user exists. | |
| * This needs a global configuration option with the following properties: | |
| * {string} endpointUrl - Site URL with an empty "a0_action" parameter appended. | |
| * {string} migrationToken - Migration token found in the plugin settings | |
| * {string} userNamespace - Formatted site name to avoid user ID overlapping. | |
| * | |
| * @param {string} email - User email address, provided on login. |
saltukalakus
/ saml_metadata_modified_with_connection.xml
Last active
February 12, 2020 14:24
Saml metadata modified with the connection name where Auth0 is the IdP
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <EntityDescriptor entityID="urn:saltuk-auth0idp.auth0.com" xmlns="urn:oasis:names:tc:SAML:2.0:metadata"> | |
| <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> | |
| <KeyDescriptor use="signing"> | |
| <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> | |
| <X509Data> | |
| <X509Certificate>MIIC+jCCAeKgAwIBAgIJM/mSNGTlZt68MA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNVBAMTGXNhbHR1ay1hdXRoMGlkcC5hdXRoMC5jb20wHhcNMTYxMDE0MTQ1MjA1WhcNMzAwNjIzMTQ1MjA1WjAkMSIwIAYDVQQDExlzYWx0dWstYXV0aDBpZHAuYXV0aDAuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA063hHO/Re8FcsDvQu6CZJi8pO4BahbemEoyYYtEbUPcXaHE47HCXqEESdQLxTw1PDCKIrjtCD+jqhn/yJusJTiQEr2ytvIhmM9spHL+iSQpw9fOTj5PimfQ+pHWJd23lasPJbzd5vZKlQwAbOod2HNSPOl5iWp6v5fqevidRH75T8imctXFd3f1H0q/Y8kUWYzLAbtk6IIhWcfZKG8XXrvtPa4nvmYXw6vnac/TYjdNsBfEZ1/613fL4HoixdU+jZADUswLeCNy4v1Q8pyCbHAh+P+lMW6HIHqVvu9zGv3vkhP5iyuVeFoVGGywqWurNBNWPZkhNFU2UtQhu37W6rwIDAQABoy8wLTAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBQg1RX34/QPs9ay6NRELbAZcQbDDzANBgkqhkiG9w0BAQUFAAOCAQEAr1+qRB0Abky8d |
saltukalakus
/ hostedPasswordlessPage.html
Created
December 5, 2019 17:16
Print the phone number on console before submit
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE html> | |
| <html> | |
| <head> | |
| <meta charset="utf-8"> | |
| <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"> | |
| <title>Sign In with Auth0</title> | |
| <meta name="viewport" content="width=device-width, initial-scale=1.0" /> | |
| </head> | |
| <body> |
saltukalakus
/ gist:08efe814847f9a049ce4d07140817c78
Created
December 3, 2019 14:15
Encrypt & Decrypt with existing keys
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const crypto = require("crypto"); | |
| let publicKey = `-----BEGIN PUBLIC KEY----- | |
| MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAsoykgfqb0VqzTIDDShJ7 | |
| Pa7sg6hV4kmBBof7LLPyvmMdNB/2zNZ3mfEr0Dw+qNinmyVXQ5b/DjwbjHvYQpn9 | |
| foiFFDS6fP8ErGkICEN/68JvI/MSEJsbfDxKM/rQTwXVfD+0wxEIRblzW1LMYraO | |
| NuCPWgg0UZRmis+8Qcr0vZdf61lyfyaTx0C0bwS/wsJO0yFrIWGMsatYZktbbpPG | |
| IOQwqT2VIWfvcKjMcV8OXHNMoVjG6ni3kqXjSPYKaT1qWl4L73/dWKS0IlJJfdYw | |
| 0hpzDsmgwnsug9KBtfzbreNenVPbMfCUXone8VQZ/0+Eb8iO7JwaPuFld+0Czcsu | |
| kG6pmBUwaPk9ISlRNWUkyhUP9q4rUmAzAZgcYPNVWQVZwG/u7X2Jbf7jdsYvvCX3 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const crypto = require("crypto"); | |
| crypto.generateKeyPair( | |
| "rsa", | |
| { | |
| modulusLength: 4096, | |
| publicKeyEncoding: { | |
| type: "spki", | |
| format: "pem" | |
| }, |