Problem statement
We have implemented all the steps to create a custom social connection. However, the documentation does not explain what needs to be done after a successful external provider login.
Do we need to make an Auth0 API call or redirect to a URL?
Can you please provide more information?
I think the front-end redirection for triggering the token API, which is a critical step, is not mentioned in the document. Additionally, the Fetch User Profile section could be more detailed about how to include claims in Auth0.
Solution
The general flow that is used in the custom social identity provider connection is the Authorization Code grant. It is described in the OAuth2 Authorization framework and is documented here: RFC 6749 - The OAuth 2.0 Authorization Framework.
Additionally, we have documentation that gives more detail on the login process against the two endpoints involved: see OAuth 2.0 Authorization Framework.
Of course, there can be minor variations in parameters between destination IdPs, so it's best to review the source IdP's documentation on how to configure this.
The default Fetch User Profile code works for most providers, but again there can be variations, as each IdP controls its own /userinfo endpoint. Generally, the response is returned in JSON format and the provided template code can be used with little or no change. Once again, it's best to review the source IdP's documentation to determine the format and make changes from there.
We have a backlog item to review and add more information to our existing documentation.
For now, here is an example of the Fetch User Profile code (using Slack as the example):
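function(accessToken, ctx, cb) {
  // Call the IdP's userinfo endpoint with the access token obtained
  // from the Authorization Code exchange.
  request.get(
    {
      url: 'https://slack.com/api/openid.connect.userInfo',
      headers: {
        'Authorization': 'Bearer ' + accessToken,
      }
    },
    (err, resp, body) => {
      // Transport-level failure.
      if (err) {
        return cb(err);
      }
      // Anything other than HTTP 200 is treated as an error.
      if (resp.statusCode !== 200) {
        return cb(new Error(body));
      }
      // The userinfo response is expected to be JSON.
      let bodyParsed;
      try {
        bodyParsed = JSON.parse(body);
      } catch (jsonError) {
        return cb(new Error(body));
      }
      // Map the IdP's claims to the Auth0 profile.
      const profile = {
        user_id: bodyParsed["https://slack.com/user_id"],
        email: bodyParsed.email
      };
      cb(null, profile);
    }
  );
}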
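
One way to handle the per-IdP variation in the /userinfo response described above, as an added example (not Auth0's template code and not part of the original answer). The names `mapUserinfoToProfile`, `makeFetchUserProfile` and `SAMPLE_BODY` are hypothetical, `request` is passed in so the code runs offline, and the allow-listed attribute names are assumed to follow Auth0's normalized user profile.

```javascript
// Added example: hypothetical helper names, constructed sample data.
// Constructed /userinfo body: string-typed email_verified and an extra claim.
const SAMPLE_BODY = JSON.stringify({
  sub: 'U123', email: 'a@example.com', email_verified: 'true', role: 'admin'
});

// Map a raw /userinfo body to the profile object passed to cb().
function mapUserinfoToProfile(body, idClaim = 'sub') {
  let claims;
  try {
    claims = JSON.parse(body);
  } catch (e) {
    throw new Error('userinfo response is not valid JSON');
  }
  if (claims === null || typeof claims !== 'object' || Array.isArray(claims)) {
    throw new Error('userinfo response is not a JSON object');
  }
  // Refuse to build a profile without a stable identifier from the IdP.
  const id = claims[idClaim];
  if (typeof id !== 'string' || id.length === 0) {
    throw new Error('userinfo response has no usable ' + idClaim + ' claim');
  }
  const profile = { user_id: id };
  // Copy only allow-listed string claims; drop anything else the IdP sends.
  for (const key of ['email', 'name', 'given_name', 'family_name', 'nickname', 'picture']) {
    if (typeof claims[key] === 'string') profile[key] = claims[key];
  }
  // Treat the address as verified only on a strict boolean true.
  if (profile.email) profile.email_verified = claims.email_verified === true;
  return profile;
}

// Builds a Fetch User Profile function for a given userinfo URL and id claim.
function makeFetchUserProfile(request, userinfoUrl, idClaim) {
  return function (accessToken, ctx, cb) {
    request.get(
      { url: userinfoUrl, headers: { Authorization: 'Bearer ' + accessToken } },
      (err, resp, body) => {
        if (err) return cb(err);
        if (resp.statusCode !== 200) return cb(new Error('userinfo HTTP ' + resp.statusCode));
        let profile;
        try {
          profile = mapUserinfoToProfile(body, idClaim);
        } catch (mapErr) {
          return cb(mapErr);
        }
        return cb(null, profile);
      }
    );
  };
}
```

For the Slack endpoint shown earlier, the id claim would be `https://slack.com/user_id`; a body that lacks that claim is rejected instead of producing a profile with an undefined `user_id`.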