Home Realm Discovery with Auth0.js

Problem statement

If Auth0.js has been used to create a custom login page for Classic Universal Login and Home Realm Discovery (HRD) now needs to be implemented, there is a gap: all the logic for HRD is built into Lock. So, if HRD is required for use with Auth0.js, a custom solution is needed.

This article will explain how Enterprise Connections can be used with IdP domains for HRD.

Solution

Lock.js retrieves the connection information from the ‘https://<AUTH0_DOMAIN>/client/<client_id>.js’ endpoint. The endpoint returns up to 50 connections and exposes all the IdP domains.

If you are using Auth0.js, then it is possible to obtain a list of associations between domains and connections using the above endpoint and then do an authorize() request with connection: "<the_connection_name>" in the options (like with social providers).
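
The domain-to-connection lookup described above, as an added example that is not part of the original article or Auth0's own code. It assumes the endpoint response has already been parsed into an object, and the field names (strategies, connections, domain, domain_aliases) and the sample data are assumptions constructed for illustration.

```javascript
// Constructed sample of the parsed client settings. The shape (strategies ->
// connections -> domain / domain_aliases) is an assumption, not from the article.
const sampleSettings = {
  strategies: [
    { name: "auth0", connections: [{ name: "Username-Password-Authentication" }] },
    { name: "samlp", connections: [
      { name: "acme-saml", domain: "acme.example", domain_aliases: ["Acme-Corp.example"] },
    ] },
    { name: "waad", connections: [
      { name: "contoso-aad", domain: "contoso.example", domain_aliases: [] },
    ] },
  ],
};

// Build a lowercase domain -> connection name lookup.
function buildDomainMap(settings) {
  const map = new Map();
  for (const strategy of settings.strategies || []) {
    for (const conn of strategy.connections || []) {
      for (const d of [conn.domain, ...(conn.domain_aliases || [])]) {
        if (typeof d !== "string" || d.trim() === "") continue;
        const key = d.trim().toLowerCase();
        // First connection claiming a domain wins; later duplicates never re-route it.
        if (!map.has(key)) map.set(key, conn.name);
      }
    }
  }
  return map;
}

// Return the connection name for an email address, or null when nothing matches.
function connectionForEmail(email, domainMap) {
  if (typeof email !== "string") return null;
  const at = email.lastIndexOf("@");
  if (at < 1 || at === email.length - 1) return null;
  const domain = email.slice(at + 1).trim().toLowerCase();
  // Exact match only: a domain that merely contains or ends with a configured
  // one (subdomain, look-alike) must not be sent to that enterprise connection.
  return domainMap.get(domain) || null;
}

// webAuth is the auth0.WebAuth instance the custom login page already created.
function startLogin(webAuth, email, domainMap) {
  const connection = connectionForEmail(email, domainMap);
  if (connection) webAuth.authorize({ connection });
  return connection; // null: the caller continues with its normal login form
}
```
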

Note: It’s possible to prevent that information from being exposed by using the “Enable Publishing of Enterprise Connections Information with IdP domains” setting in Tenant Advanced Settings.
