Is Auth0 the right solution for our project?

Hey everyone,

I’m evaluating Auth0 to add SSO to an existing Meteor (node.js) app. We currently manage our users (auth, roles, profiles, etc) through a traditional username/password database and can rely on built-in authentication packages for permission checking, etc on the front and back-end. Additionally, our app is multi-tenancy running on a single instance with subdomains acting as identifiers for clients. Each subdomain / client will have its own preferences for allowed SSO providers (e.g. google and facebook or just google).

To summarize, our core requirements are:

  • Ability for users to login via Auth0 SSO and have them be authenticated through our existing user database (which will allow us to use our existing auth/permission checks)
  • Ability for clients to dynamically chose which SSO options are available to their users during login
  • Ability to work with custom subdomains / multi-tenancy on a single server instance (wildcard redirect urls might be what I need?)

Thanks so much for the help and I’m happy to answer any follow up questions.

1 Like

Bump? Anyone have suggestions here?

Hi @elliot

Welcome to the Auth0 Community!

We appreciate your effort in evaluating Auth0 for your existing application in terms of answers to your concerns.

  1. Auth0 is capable of connecting to an existing external database. After connection, you can choose between using your existing checks or importing them to Auth0 via Actions. External Databases, Actions in External Databases
  2. Auth0 offers you the possibility to force a login with a specific Social Connection with connection={connection name) for example, google-oath2
GET https://{yourDomain}/authorize?
  audience=API_IDENTIFIER&
  scope=SCOPE&
  response_type=code&
  client_id={yourClientId}&
  redirect_uri={https://yourApp/callback}&
  state=STATE
  connection=google-oauth2
  1. Auth0 supports wildcards for:
  • Allowed Callback URLs: List of URLs to which Auth0 is allowed to redirect users after they authenticate.
  • Allowed Logout URLs: List of URLs to which you can redirect users after they log out from Auth0.
  • Allows Web Origins: List of URLs from where an authorization request using Cross-Origin Authentication, Device Flow, and web_message as the response mode can originate.
  • Allowed Origins (CORS): List of URLs that will be allowed to make requests from JavaScript to Auth0 API (typically used with CORS).

You can read more details about Subdomain URL Placeholders here

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.