Passwordless sso using self hosted(not auth0) login page

dinesh · June 5, 2019, 2:10pm

cosider 2 apps, app1.com, app2.com.
We need to implement passwordless sso between these two apps.

lets say my auth0 tenant is: mytenant.auth0.com
Using universal login, my apps are redirected to mytenant.auth0.com for authentication. Everything works, great!

But we want to host our own server, lets say accounts.myserver.com. Now the apps should redirect to accounts.myserver.com and get authenticated.

How do i replicate mytenant.auth0.com passwordless backend flow in accounts.myserver.com, like which apis to hit etc…

john.gateley · June 5, 2019, 2:26pm

Hi Dinesh,

I think there is some confusion about terminology. “Passwordless” is a sign-in method where the user clicks the “login” button, and then gets an e-mail with a link. Clicking on that link will sign the user in - he never enters a password. I think you may be referring to SSO: after you sign in to app1, going to app2 you are already signed in - no need to enter credentials.

I think the answer to your question is “CNAMEs” or custom domains. Have a look at the documentation here:

John

dinesh · June 5, 2019, 5:21pm

@john.gateley thanks for the quick response.

I understand the passwordless email link, no problem with that.
With Auth0 custom domain feature, we are pointing our domain to your server ip addr, but we want to run our own server with our own web framework which hosts these login pages.

I hope that clears my question.

john.gateley · June 5, 2019, 5:44pm

Hi Dinesh, you have a lot of flexibility with our Authentication API: https://auth0.com/docs/api/authentication

But that is a lot of work for you, and you will lose a lot of the security, benefits and features we provide.

Our new ULP allows a very custom user experience - you can customize the pages as needed.

I would strongly recommend not hosting your own pages.

John

dinesh · June 6, 2019, 4:42am

@john.gateley
what are the security issues we need to deal with? are these issues just a general web app related or specific to auth0?

john.gateley · June 6, 2019, 2:27pm

If you use your own servers, you are re-implementing a lot of what Auth0 provides. In doing so, you’ll have to take security into account. I don’t have any guidance on this, as it is something I don’t recommend.

I am curious in why you want to host the pages on your own server.

John