Device-level authentication?

bill.white · December 29, 2020, 8:43pm

Does Auth0 support device-level authentication?

Our use case has an app using one account on the existing IAM, and the app runs on some 250 registered (with the IAM) devices. This is so that any one of the users can “grab and go” with any of the 250 mobile devices without having to sign into an individual account.

Does Auth0 support this use case?

Thanks!

john.gateley · December 30, 2020, 3:05pm

Hi @bill.white

Auth0 is very flexible and can support this, probably in a number of ways.
Without more detail, I can only guess at your requirements, but one solution would be:

Create a device account with password known to an admin
Admin configures each device with the same PIN and logs each device in to the device account.
Login gets a refresh token, and this is used to get new access tokens as needed.
Refresh token is protected by the device PIN (thus, PIN must be the same for all devices).

The security around this should be carefully examined. This present a lot of attach surface, and the security requirements will guide you to the best solution.

John

system · January 14, 2021, 3:06pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.