Auth0 Home Blog Docs

Is the main purpose of Auth0 to hide the implementation of the identity provider from your app?

I’m reading the “Learn the Basics” article on Auth0 here: https://auth0.com/docs/getting-started/the-basics. It talks about how Auth0 sits between the identity provider (such as Facebook or Google) and the app. The identity provider provides users to Auth0, which in turn provides the same users to the app. The difference is that while the details of the connection between the identity provider and Auth0 depends on the implementation of the identity provider, the details of the connection between Auth0 and the app stay the same, so Auth0 provides users to the app while hiding the details of the implementation of the identity provider from the app. My question is: is this the main point of Auth0? To successfully receive users from the identity provider no matter what the identity provider’s implementation and then forward the users to the app in the same consistent way every time?

What you describe is the concept of Federation, where Auth0 acts as a so-called broker. This is however only one aspect of many. Auth0 offers much more than that.

First of all, Auth0 can act as a broker only (using the federation approach you described), but it can also be an Identity Provider itself (using its own database connection, which holds usernames/passwords).

Auth0 offers additional features such as the powerful Rules engine to link/merge user accounts (from different IdPs), handle user profile enrichment, run any other custom logic in between an authentication/authorization request, offering MFA (Multi-Factor-Authentication), Brute Force Protection, and much more without the developer having to develop all of that from scratch. Think about the effort, learning curve and cost involved if a developer had to develop all of this from scratch.

Also, Auth0 provides guidelines, best practices, quick starts, SDKs/libraries for all common technology stacks to get a developer started with a secure authentication and authorization implementation for his/her own app.
This way, Auth0 abstracts away the complexity of underlying protocols such as OAuth2, OpenID Connect, SAML2, etc.

Above is just a really brief summary, and I probably missed a lot of other benefits that Auth0 offers.