I have implemented SSO using the Auth0 SDK and it works well, but I have hit a wall and I am not sure of the ‘right’ way to proceed. First let me describe the situation, then the question.
User lands at Auth0 login, authenticates, our server receives the ‘code’, code exchanged for token, token used to get ‘profile’. This is fine so far. Then, using the email address (a unique login on our system) we see if a local (Django) record exists or not. If not we create one, copy the latest profile details (first name, last name etc) to update and then continue a Django session with a local record as usual.
All good. Now the issue: I configured my AD account to have values in the Company and Department name fields but the standard list of claims for profile does not include them. From reading around, it seems I need to issue a MS Graph ‘$select’ query to get those fields. I did not find any support for this in the Auth0 SDK, but given the number of platforms you support this does not surprise me.
So… by using Auth0 I am alleviated from knowing what IdP was used but now, wanting to know the company and department for initial record creation means I do have to know, which seems to make using Auth0 a lot less useful.
Is there a solution or do I really have to have my own database of what email domains are managed by what type of IdP provider so I can query that information? I hope that makes sense.