Custom Login and hosted pages support


I am writing Angular app which needs to use Auth0 for user authentication and authorisation and as part of that I am investigating different Identity Providers.

I need the UI for logging to be custom but also all user related dialogs which are in hosted pages section to be custom and hosted the angular app but not just customised.

So far I was able to register user, then login with that user using Auth0.js v9. That’s calling the javascript methods directly.

public login(): void {
// this.auth0.authorize();
// return;

    realm: 'Softopia', // that is the db name
    username: '',
    password: 'dididi',
    // audience:'softopia'
    // username: '',
    // password: 'z2aNWpuh29yA'


public register():void{

  connection: 'Softopia',
 email: '',

}, function (err) {
if (err) return alert('Something went wrong: ’ + err);
return alert(‘success signup without login!’)

All works well as expected, but when new user logs in for the first time I can see custom popup dialog

Is it possible to avoid this?

Also is it possible to do the custom ui for the reset password, and forgotten password screens without using the provided ui from auth0 - do not want to customise the but use completely my own.

For the work till now I was able to progress by trial and error and can say there was no clear path how to do that. Can you point me to sample angular app which have everything custom build.

Can you confirm that there is no way we can invalidate user token that is currently supported and that the only way a token becomes invalid is after it expires?

Ho would you advice that Auth0 will manage the case where I have users with different permissions? Here is the use case:
User logs in and then administrator gives him specific permissions?
In webapi scenario with custom token - the solition will be to add claims to the token and when the next time users logs in the user will have the right claims. I guess in Auth0 world that will be implemented with Scopes and Rules. Can you give example flow what has to happen to achieve that scenario?

I am really looking forward your responses.

:wave: @lyubomir.velchev

What you are seeing is the Consent Dialog. It is shown either when you’re using a client marked as third party, when you’re using Localhost to test the application or when the API that you’re using doesn’t have the Allow Skipping User Consent switch turned on (information on that here).

For the password reset you may find this thread helpful.

Are you trying to revoke a token because the user reset their password? There is an example here that may help you here.

Depending on your use case, you could add permissions as scopes (a similar situation was asked here) or you could use the Authorization Extension (a great article here that explains it a bit more here).