DGLux w DSA Setup auth0 setup

Ok, so I’m using a software called DGLux, and I have little to no way to modify their source code. All I have is a small wiki, a server.json file, and the auth0 dashboard with the tools provided to try to make this work.

Using the wiki above, I was able to set up the server to use auth0, but I’m facing a few issues.

Before I get into these issues, I’ll describe my simple setup on the auth0 dashboard:

I created an application, set its type to regular web app, and provided my login URI, allowed callback URLs, and my allowed logout URL. I then connected to my server, opened my server.json, set my authtype to openId, and set up the connection with oauth by providing a property in the server.json as per the wiki mentioned above:

```json
"openId": {
  "issuer": "<issuer URI from above>",
  "clientId": "<client_id from OpenID Connect Provider>",
  "secret": "<secret from the OpenID Connect Provider>",
  "scopes": ["email", "profile"]
}
```

I added google as a social connection, set up an account with them, set up my clientId and secret with auth0, and got that working. Which brought me to my first issue:

I now visit the site, receive the login page from oauth, log in to google, and it creates an account in dglux and logs me in. However, I cannot log out. I believe the issue might be how they have implemented the logout process, or an issue with SSO cookies stored on the client. idk. If I clear my cookies, it will log me out. But essentially I want a user to be able to log out of their session but still maintain their login sessions on other sites they are using. I’ve tried changing the logout URL to include `/v2/logout` appended to the logout URL; that didn’t work, which I expected. From my understanding that should be the endpoint the app calls in its implementation to log out the user. I don’t know how I can work around the issue as I have no idea how they have implemented the function.

My second issue came when trying to set up the scopes I need to set user privileges. The wiki states:

### Additional configuration

Some OpenID Connect Providers will allow you to send additional properties within a scope. There are three particular values with DSA Server.

* `superuser` : If an authorized user's information from the OpenID Connect Provider contains the key superuser, with the value set to `true` (boolean, not string), then the user will have Superuser rights within DSA Server.
* `rootUrl` : If the authorized user's information from the OpenID Connect Provider contains the key rootUrl with a string path as a value, the user will be redirected to that path by default when logged in.
* `allowDesigner` : If an authorized user's information from the OpenID Connect Provider contains the key allowDesigner, with the value set to `false` (boolean, not string), then the user will be prevented from accessing the designer when logged in to the DSA Server.

So I want to add these parameters to my scope. I tried manually adding them in the user's app_metadata as follows:

```json
{
  "allowDesigner": true,
  "rootUrl": "/",
  "superuser": true
}
```

That didn’t seem to work. I logged in with my user and did not receive superuser privileges. I tried writing a rule that sets them on authentication right in the user object. That didn’t seem to work either. I’ve tried adding it to the scope parameter in the server.json for both of these attempts. That didn’t work either.

If anyone has any information or ideas how I can solve either of these 2 problems I would truly appreciate it.
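As an added example (not part of this post, and not DGLux or DSA Server code), here is a small Python model of the three keys exactly as the wiki section above describes them. It assumes DSA Server reads the keys from the top level of the user information returned by the OpenID Connect Provider and applies the "boolean, not string" rule literally; the sample payloads are constructed, and it shows why values nested under app_metadata or sent as strings would not grant anything under that reading.

```python
import json
from dataclasses import dataclass, field
from typing import Any, List, Mapping, Optional


@dataclass
class DsaPrivileges:
    superuser: bool            # True only if the key is boolean true
    root_url: Optional[str]    # redirect path, or None when absent or not a string
    allow_designer: bool       # False only if the key is boolean false
    wrong_type: List[str] = field(default_factory=list)  # keys present with the wrong type


def privileges_from_userinfo(info: Mapping[str, Any]) -> DsaPrivileges:
    """Apply the wiki's three rules to a decoded OIDC user-information object.

    Assumption: keys are read at the top level only, so values nested under
    app_metadata are not seen; a string such as "true" counts as absent.
    """
    wrong_type: List[str] = []

    superuser = info.get("superuser") is True
    if "superuser" in info and not isinstance(info["superuser"], bool):
        wrong_type.append("superuser")

    root_url = info.get("rootUrl")
    if root_url is not None and not isinstance(root_url, str):
        wrong_type.append("rootUrl")
        root_url = None

    # Only an explicit boolean false blocks the designer; anything else leaves it allowed.
    allow_designer = info.get("allowDesigner") is not False
    if "allowDesigner" in info and not isinstance(info["allowDesigner"], bool):
        wrong_type.append("allowDesigner")

    return DsaPrivileges(superuser, root_url, allow_designer, wrong_type)


# Constructed sample payloads (not real Auth0 output).
TOP_LEVEL = json.loads('{"sub": "google-oauth2|1", "email": "a@example.com",'
                       ' "superuser": true, "rootUrl": "/", "allowDesigner": false}')
NESTED_IN_APP_METADATA = json.loads('{"sub": "google-oauth2|1", "email": "a@example.com",'
                                    ' "app_metadata": {"superuser": true, "rootUrl": "/"}}')
STRING_VALUES = json.loads('{"sub": "google-oauth2|1",'
                           ' "superuser": "true", "allowDesigner": "false", "rootUrl": 7}')

if __name__ == "__main__":
    for name, payload in [("top-level", TOP_LEVEL), ("nested", NESTED_IN_APP_METADATA),
                          ("strings", STRING_VALUES)]:
        print(name, privileges_from_userinfo(payload))
```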

The logout issue is on the application side. Apparently DGLux didn’t consider the auth0 session layer in their implementation, so every time you try to log out of the application, it automatically logs you back in. I have advised them of the issue, they verified that it exists, and they are working on it. Hopefully that resolves that problem for any future users.

If, or when, this issue is resolved I’ll start trying to figure out why the user’s app_metadata I’m passing is being ignored by the application. I do not want to work on it until I’m sure they will resolve the logout issue.