Hi,
We have a legacy Java Spring app where users are stored. This app needs to remain the master of users and passwords. Now we also want Single-Sign-On and want to use Auth0 as our OAuth2 server.
Can we get Auth0 to query our app e.g. via a webhook or something to determine if the user exists and whether the correct password has been provided?
I can see that one can integrate with an LDAP server, and I guess one could implement the LDAP protocol to achieve this with a pseudo-LDAP server; I’m just hoping there is a much simpler way. I’m hoping for something similar to Keycloak’s User Storage SPI, where I have to implement these methods:
```java
@Override
public UserModel getUserByUsername(String username, RealmModel realm) {
}

@Override
public boolean isValid(RealmModel realm, UserModel user, CredentialInput input) {
}
```
How would I go about using Auth0 in our case of a legacy app being the master of users and passwords (stored with bcrypt)?
I guess we could sync the users once and then push every single time any user changes in the app. But that needs to be “instantaneous” - and what about the passwords, that we only have as salted bcrypt-ed values? Also, redundant synchronized data schemes like this are very error-prone in my experience, so I’m hoping for a battle-tested approach…