Auth0

💡
Follow this guide to get Auth0 set up in your Divjoy codebase. If anything is confusing, please reach out.

Basic Setup

Create a new Auth0 application with type "Single Page Web Applications".
Go to your new app's settings, copy your "Domain" and "Client ID" values, and then update your codebase's .env file.
In your app's settings, scroll to the bottom, click "Show Advanced Settings", go to the "Grant Types" tab, check the "Password" option, then click save.
In your app's settings, add your dev and production domains to the "Allowed Web Origins" and "Allowed Origins (CORS)" sections.
🙌
You should now have working email and password authentication in your web app.

Enable Account Updating

Follow these steps to let users update their email and password from the account settings UI in your web app.

Create a second Auth0 application with type "Machine to Machine Applications". This second Auth0 app is required for updating user info server-side. Auth0 doesn't allow authenticated users to update email and password client-side, so we give you a server endpoint that handles that.
In the "Authorize Machine to Machine Application" popup, select "Auth0 Management API" and check the "update:users" scope.
Go to your new app's settings, copy your "Client ID" and "Client Secret" values, and then update your codebase's .env file (the keys start with AUTH0_MANAGEMENT_).
🕺
After signing into your web app you should now be able to update your email and password from the account settings page.
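
The server-side update this section describes, written out as an added example (not Divjoy's own endpoint code): it restricts the request to the email and password fields and takes the target user only from the caller's verified identity. The function names, `AUTH0_DOMAIN`, and the exact `AUTH0_MANAGEMENT_` key names are assumptions, and validating the caller's token to obtain `verifiedSub` is assumed to happen before this code runs.

```javascript
// Added example. Function names and exact env key names are assumptions;
// the page only says the management keys start with AUTH0_MANAGEMENT_.
const ALLOWED_FIELDS = ["email", "password"];

// Accept exactly one allowlisted string field. Anything else in the body
// (user_id, app_metadata, blocked, ...) is rejected, not silently forwarded.
function buildUserPatch(body) {
  const keys = Object.keys(body || {});
  if (keys.length !== 1) throw new Error("Send exactly one field per request");
  const [key] = keys;
  if (!ALLOWED_FIELDS.includes(key)) throw new Error(`Field not allowed: ${key}`);
  if (typeof body[key] !== "string" || body[key] === "") {
    throw new Error(`Invalid value for ${key}`);
  }
  return { [key]: body[key] };
}

// verifiedSub must come from the caller's validated Auth0 token on the server
// (validation not shown), never from the request body.
async function updateOwnAccount({ verifiedSub, body, env, fetchImpl = globalThis.fetch }) {
  if (!verifiedSub) throw new Error("Not authenticated");
  const patch = buildUserPatch(body);
  const base = `https://${env.AUTH0_DOMAIN}`;
  const json = { "content-type": "application/json" };

  // Client-credentials grant for the Machine to Machine application.
  const tokenRes = await fetchImpl(`${base}/oauth/token`, {
    method: "POST",
    headers: json,
    body: JSON.stringify({
      grant_type: "client_credentials",
      client_id: env.AUTH0_MANAGEMENT_CLIENT_ID,
      client_secret: env.AUTH0_MANAGEMENT_CLIENT_SECRET,
      audience: `${base}/api/v2/`,
    }),
  });
  if (!tokenRes.ok) throw new Error("Management token request failed");
  const { access_token } = await tokenRes.json();

  // PATCH only the caller's own user record.
  const res = await fetchImpl(`${base}/api/v2/users/${encodeURIComponent(verifiedSub)}`, {
    method: "PATCH",
    headers: { ...json, authorization: `Bearer ${access_token}` },
    body: JSON.stringify(patch),
  });
  if (!res.ok) throw new Error(`Auth0 update failed: ${res.status}`);
  return res.json();
}
```

Because the "update:users" scope lets this client change any user in the tenant, the Client Secret belongs only in server-side environment variables and never in the browser bundle.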

Enable Social Authentication

Follow these steps to enable users to sign in with social auth providers, such as Google, Facebook, Twitter, etc.

In your app settings add these URLs to "Allowed Callback URLs". Replace "mydomain.com" with your actual production domain before going live.
Enable the auth providers you want to use in Connections → Social. For each provider make sure to also enable that provider for your Auth0 app in the "Applications" tab of the popup.
Auth0 will display an extra consent screen when users log in that only makes sense in the context of enterprise apps. Disable this by going to APIs → Auth0 Management API → scroll to the bottom and enable "Allow Skipping User Consent".
  • If you want to use any providers other than password, Google, Facebook, Twitter, or GitHub, then you'll need to add them in your auth code. Follow this guide to do that.
😺
You should now be able to sign in to your web app with social auth providers.

Other

  • By default Auth0 has strict password rules (must be 8 or more chars, etc). You can adjust this in Dashboard → Connections → Database → Username-Password-Authentication → Password Policy.
  • Users will be asked to verify their email after signing up. You can customize the email template in Dashboard → Emails → Templates. Keep in mind you'll need to specify a provider for email sending before custom templates will work.
  • When a user requests to reset their password, they will receive an email from Auth0 that takes them to an Auth0-hosted interface for changing their password. You can customize this email template in Dashboard → Emails → Templates.
  • By default, if a user attempts to sign up with an existing account, they will get a generic “Invalid signup” message. You can change this to the more understandable “User already exists” error message by toggling a setting in Auth0. Please see the Auth0 documentation on this.