Authenticate with Own User Store

Hi, I am new to Auth0, and I have some newbie questions.

I’m currently working on a web app with the following technologies: Angular 12 front end, ASP Net Core Web Api, PostgreSQL database. The users are managed using AspNetCore.Identity 6.

The real main goal is to use Auth0’s MFA. Is it possible to only configure MFA for an app?

If not, we need to implement Auth0 on the application but need to keep the users on the Postgres database. I read some of the documentation (this is the best one that I found https://auth0.com/docs/authenticate/database-connections/custom-db/overview-custom-db-connections) and posts here about custom database, but I still don’t know how I should approach this.

Do I call Auth0 from the SPA? Or do I call it from the API?

Should I use the Database Action Scripts to call my database? Or call an API from there? Should I even use Database Action Scripts?
Should I work with Flows?

What is the recommended approach in this case?

Sorry if these are dumb questions.

Hi @g.guedesdaluz, welcome to Auth0!

In my local test setup, I have an SPA app for which I enabled an external identity provider connection (in this case Auth0 does not store user credentials at all; they are stored in this external IdP) plus Auth0 MFA, and the flow looks like this:

Once a user clicks the login button in the app, they are redirected to the Auth0-hosted login page with a button for an external IdP connection (1) → they are redirected to this external IdP login page (not hosted by Auth0) and provide their credentials to authenticate against it → they are redirected again to the Auth0-hosted page with the selected MFA factor (2), where they provide the additional factor → once complete, they are logged in to the app.

(1)


(2)

I believe the above is a similar case to yours (user credentials stored outside the Auth0 tenant)?

Yes, you call Auth0 from the SPA (by calling the /authorize endpoint) to initiate the flow I described above.

I think the quickest way to test it is to set your Auth0 tenant to always require MFA (and choose OTP, for example, as a factor), set up a sample SPA app using our quickstart docs, and enable your custom identity provider for this app (via Auth0 dashboard → Applications → your SPA app → Connections → your custom user data store*).

Does this clear the topic for you?

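The /authorize call from the SPA described in the answer above, as an added example (not code from the thread or from Auth0's SDK), assuming the Authorization Code flow with PKCE: it builds the redirect and validates the callback. It uses Node's crypto module so it runs offline; the tenant domain, client ID, redirect URI and connection name are placeholders.

```javascript
// Added example, not Auth0 SDK code. Tenant domain, client ID, redirect URI
// and connection name are placeholders (assumptions, not from the thread).
const nodeCrypto = require('node:crypto');

const b64url = (buf) => Buffer.from(buf).toString('base64url');

// PKCE (RFC 7636): keep the verifier in the SPA, send only its SHA-256 hash.
function createPkcePair() {
  const verifier = b64url(nodeCrypto.randomBytes(32));
  const digest = nodeCrypto.createHash('sha256').update(verifier).digest();
  return { verifier, challenge: b64url(digest) };
}

// Build the /authorize redirect. Credentials and the MFA factor are entered
// on the IdP and Auth0-hosted pages, so the SPA never handles them.
function buildAuthorizeUrl(cfg, pkce, state) {
  const url = new URL(`https://${cfg.domain}/authorize`);
  url.search = new URLSearchParams({
    response_type: 'code',
    client_id: cfg.clientId,
    redirect_uri: cfg.redirectUri,
    scope: 'openid profile email',
    state,
    code_challenge: pkce.challenge,
    code_challenge_method: 'S256',
    // Optional: go straight to one connection instead of showing its button.
    ...(cfg.connection ? { connection: cfg.connection } : {}),
  }).toString();
  return url;
}

// Validate the redirect back to the app before using the code.
function parseCallback(callbackUrl, expectedState) {
  const params = new URL(callbackUrl).searchParams;
  const error = params.get('error');
  if (error) throw new Error(`authorization failed: ${error}`);
  const got = Buffer.from(params.get('state') || '');
  const want = Buffer.from(expectedState);
  if (got.length !== want.length || !nodeCrypto.timingSafeEqual(got, want)) {
    throw new Error('state mismatch');
  }
  const code = params.get('code');
  if (!code) throw new Error('missing authorization code');
  return code; // exchanged at /oauth/token together with pkce.verifier
}
```

The `state` value and the PKCE verifier are generated per login attempt and kept by the SPA until the callback arrives.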