Auth0 Home Blog Docs

Authorize from custom login page in Angular 4

custom-login
authorization

#1

I have a custom login page that I would like to use instead of the hosted pages. Can anyone give me some pointers on how to use the Authorization API or how to actually log in using Auth0 and getting my JWT. Is there an API end point I can call to login? The documentation is a bit confusing.


#2

At this time, using a custom login page in your own client application to process database connection credentials will restrict your ability to fully use certain functionalities like strict OIDC compliance and/or API Authorization. If you have a pure Angular application then it’s almost a given that you need to use API Authorization to obtain access tokens that would allow the application to call API’s on the behalf of the user. If this is the case, the need of API Authorization implies that, currently, the only recommended approach is to use the hosted login page (which you can completely customize, but through which you still need to go through). You could consider using the Auth0.js client.login method to authenticate the user after having collected the credentials, but this implies enabling the associated grant types for the client application, has some additional security considerations and would also mean that after the initial access token expires you would have no way to obtain another besides forcing the user to authenticate again. In conclusion,
for a SPA, not recommended.

As additional information, we are working on improving this situation for SPA’s and we are on the final stages of enabling flows that would allow a client application to ask for user credentials associated with database connections directly in its UI and then still be able to leverage API Authorization and renewal of access tokens that leverage an authenticated session and that does not force the user to authenticate again.


#3

Hi, you mentioned you were “on the final stages of enabling flows” to allow Angular apps to not require the hosted (hosted on auth0 domain) login form. Do you have any updates on this, is it likely to be released in the next few months or so perhaps?

Thanks!


#4

Hi, you mentioned you were “on the final stages of enabling flows” to allow Angular apps to not require the hosted (hosted on auth0 domain) login form. Do you have any updates on this, is it likely to be released in the next few months or so perhaps?

Thanks!


#5

Although I don’t have any definitive timeline that can be shared, mostly as a personal opinion based on I what I know I would say the next few months is a likely timeline. However, to be honest I also personally thought we would be closer to release by now so take my opinions with a grain of salt.


#6

As an Angular 4 developer I would love to be able to use my own custom login page instead of using the hosted login pages, one for customization which is way broader on my end and two, because canActivate has small conflicts when I try to protect my initial page to be redirected to a login page right away.


#7