Hi
I am a relative beginner in Auth0, having used Lock a couple of times only and not the API.
We are currently using Lock to login with the social media options Facebook and Google.
We would like to change to have our own style and more control. I see the options are to have a custom popup or to use the API.
Forgive me if reading the docs thoroughly will answer this, but I don’t want to spend too much time on this path if it is hopeless.
So my question is - if we change to using the API, will we be able to avoid redirects from the social media logins? Is there a way?
We would like to avoid redirects if we can as the data in memory gets lost on page refresh, correct? So we need to load it again from storage or local storage.
I expect changing to API will mean developing any process flow ourselves but as we are only logging in with social media I expect that will at least not need to do forgotten password flows etc.
When building a custom UI for handling login you can use auth0.js, which is a headless SDK for authentication. This will give you a simple SDK for triggering the various flows and transactions necessary for signup, social, etc., so you can have a custom look and feel to your login page. Here is the link to that SDK: GitHub - auth0/auth0.js: Auth0 headless browser sdk
if we change to using the API, will we be able to avoid redirects from the social media logins? Is there a way?
Redirects for social and federated Single Sign-On are absolutely necessary. Your users should never be prompted to use a form to enter in their social credentials. This is not considered a safe experience for the user because they have no way to know if their credentials are being compromised.
Instead, if you would rather redirect the user straight to the social provider instead of Auth0’s login page that is another question. The short answer is yes, you can do this with or without Lock simply by calling the /authorize endpoint with a connection name.
We would like to avoid redirects if we can as the data in memory gets lost on page refresh, correct? So we need to load it again from storage or local storage.
Yes this is correct, anytime you initiate a redirect your in-memory data will be lost unless it is serialized and deserialized. To help with this, SPAs or other client-side applications can trigger a flow with popup mode. This will allow the user to be redirected to the login page, but in a different window, allowing your application to preserve its data.
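The redirect flow discussed in this thread, as an added example that is not part of the original posts or Auth0's own code: it builds an /authorize URL with a connection name, serializes the in-memory data under a random `state` value before the redirect, and restores it on the callback only when `state` matches. The domain, client ID, callback URL, storage key prefix and function names are assumptions; in a browser, `sessionStorage` and `crypto.getRandomValues` would take the place of the Node stand-ins.

```javascript
const { randomBytes } = require('crypto');

// Placeholders (assumed values, not from the thread).
const cfg = {
  domain: 'YOUR_TENANT.example.com',
  clientId: 'YOUR_CLIENT_ID',
  redirectUri: 'https://app.example.com/callback',
};

// Build the /authorize URL for one connection and stash app data under `state`.
// `storage` is any object with setItem/getItem/removeItem (sessionStorage in a browser).
function beginLogin(connection, appData, storage) {
  const state = randomBytes(16).toString('hex'); // unguessable, single use
  storage.setItem('login:' + state, JSON.stringify(appData));
  const url = new URL('https://' + cfg.domain + '/authorize');
  url.search = new URLSearchParams({
    response_type: 'code',
    client_id: cfg.clientId,
    redirect_uri: cfg.redirectUri,
    scope: 'openid profile',
    connection, // e.g. 'google-oauth2' goes straight to the provider
    state,
  }).toString();
  return url.toString();
}

// On the callback page: accept the response only if `state` is one we issued.
function finishLogin(callbackUrl, storage) {
  const params = new URL(callbackUrl).searchParams;
  const key = 'login:' + params.get('state');
  const saved = storage.getItem(key);
  if (saved === null) throw new Error('unknown state, rejecting callback');
  storage.removeItem(key); // a state value is never accepted twice
  return { code: params.get('code'), appData: JSON.parse(saved) };
}

// In-memory stand-in for sessionStorage so the example runs under Node.
function memoryStorage() {
  const m = new Map();
  return {
    setItem: (k, v) => { m.set(k, v); },
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    removeItem: (k) => { m.delete(k); },
  };
}
```

Rejecting callbacks whose `state` was never issued is what stops a forged login response from being accepted by the page.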