I am trying to set up vkontakte auth plugin for auth0 by its Setup Guide:
Created a vk id app; got app ID and secure key; made the app “enabled and accessible by everyone”
Added a social connection using vkontakte plugin:
Application ID: 8 digits from vk id app settings (53519765)
Secure key: secure key from vk id app settings
Attributes: basic profile only
Permissions: none (all boxes unticked)
Additional Scopes: none (empty textarea)
Sync user profile attributes at each login: yes (default value)
Enabled vkontakte connection for my application
Found my app domain (dev-wm6gx6s70lw6eu23 . us . auth0 . com) and configured vk id application (Base domain, Trusted redirect URL)
After configuring, I tried to test the conection (Try Connection button) and got this:
URL: oauth . vk . com /authorize?login_hint=&prompt=login&response_type=code&redirect_uri=https%3A%2F%MY_DOMAIN%2Flogin%2Fcallback&scope=profile&state=x0mLzikO8l2wSia2uf5ZYKq82ePMOEzE&client_id=53519765
Selected sign-in method not available for app. Please try again later or contact the app administrator
Double-checked:
App credentials
Auth0 domain
Everything else from vkontakte plugin’s Setup Guide
Looks either I am doing something wrong or vk id have made some changes to their authentication protocol.
Can you by any chance notice what am I doing wrong?
Are there any possible workarounds you might know about?
Is it possible to write a custom auth plugin for Auth0?
Thank you for providing information on the matter, I was able to reproduce your problem by using the VK Plugin and by creating a custom social connection as well.
If you have not created a custom social connection for VK, could you please give that a try as well? If you have any issues, I can help you out with that.
I will come back with more information as soon as possible!
I believe that the VK Plugin might be outdated regarding the matter. As far as I have researched, the previous authentication api which was used to integrate web applications with their social website has migrated to id.vk.com. You can find more information on integrating their social connection with your applications in their documentation.
By following this documentation, you should be able to create a custom social button within Auth0 by using the credentials of a web application created on the website mentioned above.
I am currently still having issues in making the integration function successfully, however, if you need any help on the matter, let me know! I will come back with an update in regards to the integration from my end!
(didn’t find any docs, adapted script from medium . com/%40colin.douglas/creating-a-custom-social-connection-between-auth0-and-gitlab-saas-4d22864cf503 )
5. Custom Headers: none (empty text area)
6. Sync user profile attributes on each login: enabled (default value)
When trying to save I get this: 403 Forbidden / Error! You don’t have permissions to access the resource. There are no additional details in the response body.
Is there some limitation disabling me from saving a custom social login provider or is there another reason behind the case?
Most probably the error received when trying to save the template might be caused by the fact that you had multiple tabs opened with the same page which was causing conflicts on the dashboard whenever you were attempting to save the changes.
To provide you some updated on my end, I was able to make the social connection work by using the following settings for the custom login button:
Authorization URL:
https://id.vk.com/authorize?response_type=code&client_id={{client_id of the vk app}}&
redirect_uri={{callback URL set inside the VK dashboard}}&
code_challenge={{generated code challange and verifier}}&
code_challenge_method=S256
Token URL - https://id.vk.com/oauth2/auth
Client ID - vk app id
Client Secret - vk app protected/secure key
Fetch User Profile - I used the same script you have provided//other sample scripts
The issue that I have ran into is that I am received an invalid {{any user profile parameter}} error, which it appears that the retrieved data is incorrect in order to build an user profile.
Regarding this, I would advise to contact VK support.
Looks like Auth0 does not account for ‘device_id’ parameter which is required in vk id auth flow. It first appears as the redirect callback query parameter (&device_id=…) and should be passed along with the auth token for the rest of key exchange procedure.
I found customScripts property in the docs ( https :// auth0 .com/docs/api/management/v2/connections/patch-connections-by-id ) which can be used to set scripts for login, get_user, delete, verify, create and change_* actions; none of these scripts seem to be applicable for altering key exchange flow; they seem to be Custom Database Action Scripts ( https :// auth0 .com/docs/authenticate/database-connections/custom-db/templates )
Given the debug output, neither the original redirect url nor the device_id parameter are present in the scope of get_user method so I cannot implement auth flow using this entry point.
Do you know of any other options I have to affect initial key exchange flow to make use of device_id parameter?