App client with sso_integration

sylvain.conti · December 4, 2023, 3:13pm

I’m trying to use auth0 as Idp for one of our partner.
They will use our users identities to authenticate their customer.
They will add a button like “Login with contonso” on their login page (not auth0) that will redirect to our login page.

I understand that I need to create an app_client for the integration.
I noticed there is a sso_integration type in the API. How to use this ?

I tried to create one client. It shows a “custom” SSO integration in the UI but fails to display any details. Is there a bug in the UI or am I missing some parameters ?

rueben.tiow · December 5, 2023, 5:46pm

Hi @sylvain.conti.

Thanks for reaching out to the Auth0 Community!

The SSO integration you are referring to when creating an application, involves integrating SSO using external services like Dropbox and Zoom. This allows your users to log in using Auth0 identity providers listed here.

Here is an example of creating an application with an SSO integration:

{
  "name": "test-sso-app",
  "app_type": "spa",
  "addons": {
    "sso_integration": {
      "name": "Jenkins",
      "version": "2.0"
    }
  }
}

(Reference: Single Sign-On Integrations)

Please let me know if you have any questions.

Thanks,
Rueben

sylvain.conti · December 5, 2023, 5:55pm

I understand that but there is a sso_integration type in the management API.
https://auth0.com/docs/api/management/v2/clients/post-clients

If I uses that instead of spa or regular_web.
The app appears in the SSO integration section in Admin UI.
However it seems broken.

rueben.tiow · December 5, 2023, 6:11pm

Hi @sylvain.conti,

When you specify the "app_type": "sso_integration", you are essentially creating a custom SSO integration and not an application.

If you are creating an application, you should only select from the following:

SPA
Native
Regular Web App
M2M (non-interactive)

If you are configuring an SSO integration, please choose one of the options listed here:
https://marketplace.auth0.com/features/sso-integrations.

If you are not able to find the SSO integration you need, you could either build a custom one yourself or submit a feedback request asking to support that specific integration.

I hope this helps!

Thanks,
Rueben

sylvain.conti · December 6, 2023, 9:06am

you could either build a custom one

Can you point me to a documentation to do that.
If I try to create a custom one the Admin UI is broken. I see it as custom in SSO integration page, but I cannot access the details.

 {
    "name": "MyIntegration",
    "grant_types": [
        "refresh_token","authorization_code"
    ],
    "token_endpoint_auth_method": "none",
    "app_type": "sso_integration",
    "is_first_party": false,
    "oidc_conformant": true,

// I also tried with that
 "addons": {
        "sso_integration": {
            "name": "MyIntegraton",
            "version": "1.0"
        }
    }
...
}

rueben.tiow · December 6, 2023, 7:19pm

Hi @sylvain.conti,

Thanks for the reply.

The error that you see happens because there isn’t an SSO integration named “MyIntegration”. If you would like to create a custom SSO integration, please refer to the third step outlined in this link.

For this scenario, there’s no need to create an SSO integration. Instead, you will need to create a regular web app, download the certificates, and share these credentials with your partner provider. For an example, please check out this documentation.

Thanks,
Rueben

system · December 20, 2023, 7:19pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.