Getting an extranious "Sign in button" I can't find a way around

  • I’m using oauth2-proxy to redirect users into auth0, this works.
  • Auth0 if confi\gured with a Authentication/Social to authenticate to cilogon.org, this works.
  • I have 2 actions created one for cilogon.org to work and the other to validate roles in auth0, this works.

When oauth2-proxy redirects to dev-me.us.auth0.com/authorize?state=... I’m prompted with a “Sign in with CILogon” button. I want to skip this superfluous step and go straight to CILogon.

I noted this related thread but the solution there hasn’t made any change to me: Button before login auth0

The 302 redirect to auth0 is this URL, it’s to /authorize as described in the thread above.

The sequence of redirects from my webserver to auth0 is as follows:

dev-me.us.auth0.com/authorize?approval_prompt=auto&client_id=<obfuscated>&redirect_uri=https%3A%2F%2Fauth.braingeneers.gi.ucsc.edu%3A8443%2Foauth2%2Fcallback&response_type=code&scope=openid+email+profile&state=<obfuscated>%3Ahttps%3A%2F%2Fwhoami.braingeneers.gi.ucsc.edu%2F

After my web server 302-redirects to auth0, auth0 produces a 302 redirect to:

dev-me.us.auth0.com/login?state=<obfuscated>&protocol=oauth2&approval_prompt=auto&redirect_uri=https%3A%2F%2Fauth.braingeneers.gi.ucsc.edu%3A8443%2Foauth2%2Fcallback&response_type=code&scope=openid%20email%20profile

I tried playing with approval_prompt, it was set to “forced” by default, I tried “auto” (per a claude.ai debug thread) as well as other obvious things like “false”.

I’m not sure what’s causing the login button on auth0 to display prior to the redirect to “social” cilogon org.

image

Hey @braingeneers-admins

According to https://auth0.com/docs/api/authentication#social, you should be able to bypass the login screen if you pass a connection param with the name of the custom social connection directly to the /authorize request.

More details can be found here as well
https://auth0.com/docs/authenticate/identity-providers/social-identity-providers/oauth2#log-in-using-the-custom-connection

Let me know if that solves your issue!

1 Like

That was it, thanks. In fact I already had the connection parameter (technically chatgpt had already included it) but it gets dropped by oauth2-proxy (an issue now open at their github - oidc auth redirect drops the `connection` parameter as defined in `login_url` unexpectedly · Issue #2702 · oauth2-proxy/oauth2-proxy · GitHub). It works when I manually inject that parameter to the redirect URL, so all is well on the auth0 side. Thanks for the helpful reply.

2 Likes