Auth0 Home Blog Docs

Invision Community and Auth0

oauth2

#1

Hi all,

I’m Trying to connect Auth0 with InvisionCommunity forum.
The 4.3 is the new beta and should work with Auth0.
Could someone give me some idea to connect it?

Thanks a lot!
Laureano


#2

I am not familiar with InvisionCommunity or the underlying forum software in question. What type of authentication options are you presented with?


#4

I have exactly the same situation, so I’ll be aware of the answer.
I hope I can do it with Oauth 2.0.


#5

Hi,

I’m uploading a couple of screenshots with more details.
Thanks


#6

Hey @llopez :wave:

From your settings, it appears that you have set up the majority of the parameters correctly. I haven’t set up Auth0 with the Invision Community but we can walk through it together :slight_smile:

First, some parameters/config will need to be updated to ensure you’re correctly associating claims returned from the /userinfo endpoint:

  • Verify that the client you have set up in your Auth0 dashboard is a RWA (Regular Web Application) as we will be using the Authorization Code Grant for this exchange

  • For Scopes to request add 3 scopes: openid, profile, email. By requesting the openid scope, you will be able to pass the access_token to the /userinfo endpoint to retrieve the user’s profile and associate the necessary claims in your Invision Community instance

  • For the User ID Parameter, set the value to sub. The sub claim, short for subject, is a standard OIDC claim which uniquely identifies the user at the issuer. You can read more about the OIDC standard claims and the general spec here, in case you’re interested: https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims

Now you should have the minimum setup required to have authentication for your Invision Community with Auth0. For a better user experience - you can also pre-fill the the following parameters:

  • Display Name Parameter: set it to the name claim returned from the /userinfo endpoint

  • Email Address Parameter: set to the email claim

  • Profile Photo URL Paramater: set to the picture claim

Another important point to note is that you have to decide whether the Invision Community or Auth0 will perform email validation. Which system performs the validation is not as important as actually performing it to avoid having a malicious user impersonate another user (or admin) by signing up at the IdP with their victim’s email.

If you choose to perform the email validation with Auth0, you can use the following rule: https://auth0.com/rules/email-verified. However, it may make for a better user experience to handle this verification at the Invision Community (if that functionality exists).

I hope this helps with your set up and please let me know if you have any follow up questions!


#8

Hi fady,
I’m sorry that I was slow to respond, I’ve really been testing your indications so clear and so detailed. Thank you very much for that. However, I have not been able to make it work yet.
Attachment I send screen captures, may be I am entering the parameters incorrectly.
Also attached log that reports the Auth0 with information of the failure.
Regards!


#9

Hey @llopez thanks for the update! It seems that a Rule or Custom DB script is timing out. This is likely occurring because:

  1. You’re not calling the callback function
  2. You’re waiting on a service that is taking > 20 seconds (unavailable service or firewall)

If possible, I’d suggest isolating the issue by disabling any Rules that are not needed and checking to ensure you are allowing the Auth0 IP ranges to access your DB, if you’re using any Custom DB scripts.

This particular error is related to the authentication transaction and not necessarily the Invision Community setup.


#10

Hi Fady,
After trying everything, I suspect something is not right on the Invision side.
Thanks for your help!