Passwordless sso using self hosted(not auth0) login page

dinesh · June 5, 2019, 2:10pm

cosider 2 apps, app1.com, app2.com.
We need to implement passwordless sso between these two apps.

lets say my auth0 tenant is: mytenant.auth0.com
Using universal login, my apps are redirected to mytenant.auth0.com for authentication. Everything works, great!

But we want to host our own server, lets say accounts.myserver.com. Now the apps should redirect to accounts.myserver.com and get authenticated.

How do i replicate mytenant.auth0.com passwordless backend flow in accounts.myserver.com, like which apis to hit etc…

john.gateley · June 5, 2019, 2:26pm

Hi Dinesh,

I think there is some confusion about terminology. “Passwordless” is a sign-in method where the user clicks the “login” button, and then gets an e-mail with a link. Clicking on that link will sign the user in - he never enters a password. I think you may be referring to SSO: after you sign in to app1, going to app2 you are already signed in - no need to enter credentials.

I think the answer to your question is “CNAMEs” or custom domains. Have a look at the documentation here:

John

dinesh · June 5, 2019, 5:21pm

@john.gateley thanks for the quick response.

I understand the passwordless email link, no problem with that.
With Auth0 custom domain feature, we are pointing our domain to your server ip addr, but we want to run our own server with our own web framework which hosts these login pages.

I hope that clears my question.

john.gateley · June 5, 2019, 5:44pm

Hi Dinesh, you have a lot of flexibility with our Authentication API: https://auth0.com/docs/api/authentication

But that is a lot of work for you, and you will lose a lot of the security, benefits and features we provide.

Our new ULP allows a very custom user experience - you can customize the pages as needed.

I would strongly recommend not hosting your own pages.

John

dinesh · June 6, 2019, 4:42am

@john.gateley
what are the security issues we need to deal with? are these issues just a general web app related or specific to auth0?

john.gateley · June 6, 2019, 2:27pm

If you use your own servers, you are re-implementing a lot of what Auth0 provides. In doing so, you’ll have to take security into account. I don’t have any guidance on this, as it is something I don’t recommend.

I am curious in why you want to host the pages on your own server.

John

Topic		Replies	Views
If we wanted to implement our own single sign on app that is hosted on our own servers that services other apps (similar to accounts.google.com) that utilizes auth0, would that be possible? Get Help hosted-login-page , single-sign-on	7	4606	March 2, 2018
How to handle auth0 for our customers who want to have custom domain to access our saas product Get Help login-experience , new-universal-login-experience	3	26	February 14, 2025
Passwordless login on Single Page App using Universal Login page? Get Help auth0 , passwordless , single-page-applicat , universal-login	3	5239	May 23, 2019
Hosted login and passwordless security Get Help auth0 , login	2	3396	August 28, 2019
Auth0 application domain (custom or otherwise) redirects to Auth0 homepage Get Help custom-domain , domains , universal-login	4	5376	February 7, 2020

Passwordless sso using self hosted(not auth0) login page

Related topics