Auth0 Home Blog Docs

Passwordless sso using self hosted(not auth0) login page

#1

cosider 2 apps, app1.com, app2.com.
We need to implement passwordless sso between these two apps.

lets say my auth0 tenant is: mytenant.auth0.com
Using universal login, my apps are redirected to mytenant.auth0.com for authentication. Everything works, great!

But we want to host our own server, lets say accounts.myserver.com. Now the apps should redirect to accounts.myserver.com and get authenticated.

How do i replicate mytenant.auth0.com passwordless backend flow in accounts.myserver.com, like which apis to hit etc…

#2

Hi Dinesh,

I think there is some confusion about terminology. “Passwordless” is a sign-in method where the user clicks the “login” button, and then gets an e-mail with a link. Clicking on that link will sign the user in - he never enters a password. I think you may be referring to SSO: after you sign in to app1, going to app2 you are already signed in - no need to enter credentials.

I think the answer to your question is “CNAMEs” or custom domains. Have a look at the documentation here:

John

#3

@john.gateley thanks for the quick response.

  1. I understand the passwordless email link, no problem with that.
  2. With Auth0 custom domain feature, we are pointing our domain to your server ip addr, but we want to run our own server with our own web framework which hosts these login pages.

I hope that clears my question.

#4

Hi Dinesh, you have a lot of flexibility with our Authentication API: https://auth0.com/docs/api/authentication

But that is a lot of work for you, and you will lose a lot of the security, benefits and features we provide.

Our new ULP allows a very custom user experience - you can customize the pages as needed.

I would strongly recommend not hosting your own pages.

John

#5

@john.gateley
what are the security issues we need to deal with? are these issues just a general web app related or specific to auth0?

#6

If you use your own servers, you are re-implementing a lot of what Auth0 provides. In doing so, you’ll have to take security into account. I don’t have any guidance on this, as it is something I don’t recommend.

I am curious in why you want to host the pages on your own server.

John