Replicating the Universal UI

There is a huge amount of information on customising the universalUI, SSO, lock, etc. But I’m finding it hard to find a definitive answer as to what options are available to us.

What we want to achieve:
A completely custom login UI, using Auth0 in the background.

Perceived flow:

  • AppA redirects to Login
  • Login is branded using specific logos, etc. from AppA
  • User enters login info
  • Login authenticates via Auth0 API
  • Auth0 returns an access code
  • Login stores session for user
  • Login returns to AppA passing the access code
  • AppA passes code to auth0 js sdk
  • Auth0 js sdk uses code to request JWT from Auth0

Later:

  • AppB redirects to Login
  • Login themed with AppB styles
  • Session retrieved, user logged in, returns to AppB with another access code

Issue using UniversalUI:
So I know that the classic UI can be customised via HTML. The problem for us is the “origin-app specific branding”. I doubt this is possible using the template system?

Issue using custom UI:
Is there any support for MFA in the sdk/on the auth api, or is that lock/universalUI only?
Can we retrieve an access code for the login attempt?

1 Like

Hey there!

Overall if you want to have custom login UI (built by yourself) and using Auth0 in the background I guess the only approach is utilising our Authentication and Management APIs for that:

When it comes to the caveats you mentioned:

  • Universal Login: that’s unfortunately true. There are a lot of customisations we can offer, but still some limitations.

  • When it comes to MFA support, here’s a doc that will explain it all for your case:

Hi Konrad,

Thank you for the response. I have studied the Authentication API and feel I must be missing something…

I cannot find an endpoint where you send the user’s email and password for login, and receive an AUTHORIZATION_CODE in response. The signup endpoint is ideal, but I cannot find its login alternative.

Many thanks, FSF

Here’s the one that will lead you to Password Grant:

https://auth0.com/docs/api/authentication#database-ad-ldap-active-

1 Like

That’s legacy but it did lead me to this!

https://auth0.com/docs/api/authentication#resource-owner-password

This looks like it’ll do the job!

1 Like

Perfect, glad you were able to find it!

I think I understand enough of the API now to get started.

Many thanks for your help Konrad.

1 Like

No worries! We’re here for you!

1 Like

Ok, unfortunately this wasn’t the solution.

I need an endpoint where I can send user credentials to, then gain an AUTHORIZATION_CODE in response (not an ACCESS_TOKEN).

So: email + password in → AUTHORIZATION_CODE out.

Is there an endpoint that provides this functionality?

Unfortunately we don’t have such an endpoint

:man_facepalming:

This is the exact same roadblock we hit with AWS Cognito, the reason we wanted to try Auth0. Is there a fundamental principle I’m not understanding that would explain why both services deny this ability?

Let me ask our product managers about it to find out more

1 Like
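
For reference, the app-side half of the flow in the first post (AppA obtaining an authorization code and redeeming it), written as the standard OAuth 2.0 Authorization Code flow with PKCE, where the code arrives by browser redirect from `/authorize` rather than as the response to a credentials POST. This is an added example, not code from the thread or from Auth0; `TENANT`, `CLIENT_ID` and `REDIRECT_URI` are placeholders.

```javascript
// Added example: AppA's side of the Authorization Code flow with PKCE.
// TENANT, CLIENT_ID and REDIRECT_URI are placeholders, not values from the thread.
const crypto = require("node:crypto");

const TENANT = "https://tenant.example"; // stands in for the Auth0 tenant domain
const CLIENT_ID = "YOUR_CLIENT_ID";
const REDIRECT_URI = "https://app-a.example/callback";

const b64url = (buf) => buf.toString("base64url");

// Step 1: AppA redirects the browser to /authorize. The state value and the
// PKCE verifier stay in AppA's session; only the challenge goes on the wire.
function buildAuthorizeRequest() {
  const state = b64url(crypto.randomBytes(16));
  const verifier = b64url(crypto.randomBytes(32));
  const challenge = b64url(crypto.createHash("sha256").update(verifier).digest());
  const url = new URL("/authorize", TENANT);
  url.search = new URLSearchParams({
    response_type: "code", client_id: CLIENT_ID, redirect_uri: REDIRECT_URI,
    scope: "openid profile", state,
    code_challenge: challenge, code_challenge_method: "S256",
  }).toString();
  return { url: url.toString(), state, verifier };
}

// Step 2: the login page sends the browser back with ?code=...&state=...
// Reject the callback unless state matches what this session generated.
function readCallback(callbackUrl, expectedState) {
  const q = new URL(callbackUrl).searchParams;
  if (q.get("error")) throw new Error(`authorization failed: ${q.get("error")}`);
  const got = Buffer.from(q.get("state") || "");
  const want = Buffer.from(expectedState);
  if (got.length !== want.length || !crypto.timingSafeEqual(got, want))
    throw new Error("state mismatch");
  const code = q.get("code");
  if (!code) throw new Error("no code in callback");
  return code;
}

// Step 3: the code is redeemed at /oauth/token together with the verifier.
function buildTokenRequest(code, verifier) {
  return {
    url: new URL("/oauth/token", TENANT).toString(),
    body: new URLSearchParams({
      grant_type: "authorization_code", client_id: CLIENT_ID,
      code, code_verifier: verifier, redirect_uri: REDIRECT_URI,
    }).toString(),
  };
}
```

The `state` and `verifier` returned by step 1 must be kept server-side or in session storage for the same browser session, since steps 2 and 3 fail closed without them.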