Replicating the Universal UI

There is a huge amount of information on customising the universalUI, SSO, lock, etc. But I’m finding it hard to find a definitive answer as to what options are available to us.

What we want to achieve:
A completely custom login UI, using Auth0 in the background.

Percieved flow:

  • AppA redirects to Login
  • Login is branded using specific logo’s, etc from AppA
  • User enters login info
  • Login authenticates via Auth0 API
  • Auth0 returns an access code
  • Login stores session for user
  • Login returns to AppA passing the access code
  • AppA passes code to auth0 js sdk
  • Auth0 js sdk uses code to request JWT from Auth0

Later:

  • AppB redirects to Login
  • Login themed with AppB styles
  • Session retrieved, user logged in, returns to AppB with another access code

Issue using UniversalUI:
So I know that the classic UI can be customised via HTML. The problem for us is the “origin-app specific branding”. I doubt this is possible using the template system?

Issue using custom UI:
Is there any support for MFA in the sdk/on the auth api, or is that lock/universalUI only?
Can we retrieve an access code for the login attempt?

Hey there!

Overall if you want to have custom login UI (built by yourself) and using Auth0 in the background I guess the only approach is utilising our Authentication and Management APIs for that:

When it comes to the caveats you mentioned:

  • Universal Login that’s unfortunately true there is a lot of customisations we can offer but still some limitations.

  • When it comes to MFA support, here’s a doc that will explain it all for your case:

Hi Konrad,

Thank you for the response. I have studied the Authentication API and feel I must be missing something…

I cannot find an endpoint where you send the user’s email and password for login, and recieve an AUTHORIZATION_CODE in response. The signup endpoint is ideal, but I cannot fin’d it’s login alternative.

Many thanks, FSF

Here’s the one that will lead you to Password Grant:

1 Like

That’s legacy but it did lead me to this!

This looks like it’ll do the job!

1 Like

Perfect glad you were able to find it!

I think I understand enough of the API now to get started.

Many thanks for your help Konrad.

1 Like

No worries! We’re here for you!

1 Like

Ok, unfortunately this wasn’t the solution.

I need an endpoint where I can send user credentials to, then gain an AUTHORIZATION_CODE in response (not an ACCESS_TOKEN).

So: email + password in → AUTHORIZATION_CODE out.

Is there an endpoint that provides this functionality?

Unfortunately we don’t have such endpoint

:man_facepalming:

This is the exact same roadblock we hit with AWS Cognito, the reason we wanted to try Auth0. Is there a fundamental principle I’m not understanding that would explain why both services deny this ability?

Let me ask about it our product managers to find out more

1 Like