Hi all,
I’m Trying to connect Auth0 with InvisionCommunity forum.
The 4.3 is the new beta and should work with Auth0.
Could someone give me some idea to connect it?
Thanks a lot!
Laureano
Hi all,
I’m Trying to connect Auth0 with InvisionCommunity forum.
The 4.3 is the new beta and should work with Auth0.
Could someone give me some idea to connect it?
Thanks a lot!
Laureano
I am not familiar with InvisionCommunity or the underlying forum software in question. What type of authentication options are you presented with?
I have exactly the same situation, so I’ll be aware of the answer.
I hope I can do it with Oauth 2.0.
Hey @llopez
From your settings, it appears that you have set up the majority of the parameters correctly. I haven’t set up Auth0 with the Invision Community but we can walk through it together
First, some parameters/config will need to be updated to ensure you’re correctly associating claims returned from the /userinfo
endpoint:
Verify that the client you have set up in your Auth0 dashboard is a RWA (Regular Web Application) as we will be using the Authorization Code Grant for this exchange
For Scopes to request add 3 scopes: openid
, profile
, email
. By requesting the openid
scope, you will be able to pass the access_token
to the /userinfo
endpoint to retrieve the user’s profile and associate the necessary claims in your Invision Community instance
For the User ID Parameter, set the value to sub
. The sub
claim, short for subject
, is a standard OIDC claim which uniquely identifies the user at the issuer. You can read more about the OIDC standard claims and the general spec here, in case you’re interested: Final: OpenID Connect Core 1.0 incorporating errata set 1
Now you should have the minimum setup required to have authentication for your Invision Community with Auth0. For a better user experience - you can also pre-fill the the following parameters:
Display Name Parameter: set it to the name
claim returned from the /userinfo
endpoint
Email Address Parameter: set to the email
claim
Profile Photo URL Paramater: set to the picture
claim
Another important point to note is that you have to decide whether the Invision Community or Auth0 will perform email validation. Which system performs the validation is not as important as actually performing it to avoid having a malicious user impersonate another user (or admin) by signing up at the IdP with their victim’s email.
If you choose to perform the email validation with Auth0, you can use the following rule: Verify Emails using Auth0. However, it may make for a better user experience to handle this verification at the Invision Community (if that functionality exists).
I hope this helps with your set up and please let me know if you have any follow up questions!
Hi fady,
I’m sorry that I was slow to respond, I’ve really been testing your indications so clear and so detailed. Thank you very much for that. However, I have not been able to make it work yet.
Attachment I send screen captures, may be I am entering the parameters incorrectly.
Also attached log that reports the Auth0 with information of the failure.
Regards!
Hey @llopez thanks for the update! It seems that a Rule or Custom DB script is timing out. This is likely occurring because:
callback
functionIf possible, I’d suggest isolating the issue by disabling any Rules that are not needed and checking to ensure you are allowing the Auth0 IP ranges to access your DB, if you’re using any Custom DB scripts.
This particular error is related to the authentication transaction and not necessarily the Invision Community setup.
Hi Fady,
After trying everything, I suspect something is not right on the Invision side.
Thanks for your help!
Hi Fady,
I’m sorry come back with this issue. It has not really worked and we have been busy with other things, however now this is our highest priority.
Today we have been able to verify that the login is sent and something responds from auth0 and it arrives to the callback url but it is not the authorization but an error (we included some traces to the callback index.php).
How do we know why is it being sent that way and how to fix it?
Thanks in advance and best regards,
Can you provide the full error? Do you have any console logs from the browser that could be helpful?