Hi all,
What I want should be fairly simple, I guess. But I can’t find how to do it.
I want to authenticate a user agains the Auth0 database with javascript. I want to send the email/password and receive back the idToken of that user.
I don’t want to see a popup where the user has to enter his email/password. I don’t want a redirect after authenticating. Just sending the request from javascript and getting back the idToken.
How can I do this?
thanks for helping me,
Peter
What you describe is the “Resource Owner Password Grant” in OAuth2 parlance. It means that the application collects the credentials and sends them to the authorization server in exchange for a token.
Nowadays it’s considered an anti-pattern that’s reserved for legacy applications that can’t use browser-based authentication, because of security risks.
This blog post by Scott Brady should steer you away from doing this: Don't use the OAuth password grant type
If you still want to use it, Auth0 gives you the possibility. You’ll need to enable this grant type for a specific application (it’s not enabled by default).
You can see the API used for this grant type at Authentication API Explorer, and look at Call Your API Using Resource Owner Password Flow for a general description.
If you want to use Auth0.js to make the request, you can use the Authentication.login() function (GitHub - auth0/auth0.js: Auth0 headless browser sdk).