How does Auth0 authenticate my gmail user?

Hello, I am just exploring Auth0 from a learning perspective. When I log in to Auth0 (https://auth0.com/) using my Gmail credentials how does the authentication happen?

Does Auth0 store all the Gmail user data? Or is there any API exposed by Gmail for this purpose?

Also, the different options on the login page, how can I configure them? Say if I want to add my own custom domain then how can I do it?

Thanks
Madhu

Hey @rao.madhusr welcome to the community!

  1. The user clicks on the “Log in with X” button (or another social identity provider).
  2. The user’s browser is redirected to the Google, Facebook, etc. login page.
  3. The user logs in with their social provider credentials. This step happens entirely on the provider's servers – your application never sees the user’s username or password.
  4. After the user successfully logs in, the provider sends the user back to your application. As part of this process, the provider includes a piece of information that your application can use to verify that the user is who they claim to be.
  5. Auth0 verifies this assertion, creates or updates a user in your Auth0 user database, and then sends an ID Token back to your application. This ID Token contains information (“claims”) about the user, such as their username, email address, and so on.

At this point, the user is authenticated – that is, your application knows who the user is.

Yes, Auth0 will create and store a normalized profile for the user. Their profile will look something like this:

{
  "created_at": "2023-03-30T00:44:20.072Z",
  "email": "bart.simpson@gmail.com",
  "email_verified": true,
  "family_name": "Simpson",
  "given_name": "Bart",
  "identities": [
    {
      "provider": "google-oauth2",
      "access_token": "XXX",
      "expires_in": 3599,
      "user_id": "1033643454529712852",
      "connection": "google-oauth2",
      "isSocial": true
    }
  ],
  "locale": "en",
  "name": "Bart Simpson",
  "nickname": "B$",
  "picture": "https://lh3.googleusercontent.com/a/AGNmyxboaf0rlTsdfsfeNL8_cSp17Ekdp-IRyF-P3g=s96-c",
  "updated_at": "2023-03-30T00:44:36.100Z",
  "user_id": "google-oauth2|1033692342346512852",
  "multifactor": [
    "guardian"
  ],
  "multifactor_last_modified": "2023-03-30T00:44:36.100Z",
  "last_ip": "XXX",
  "last_login": "2023-03-30T00:44:20.070Z",
  "logins_count": 1
}

Some more on custom domains here:


Thanks tyf for the detailed explanation. I am trying to integrate OAuth into my personal project and the details you provided really help.

