
Auth0: Authorization Flows

Today I write this entry after a few late nights of personal research.  I am building an app, and an important part of it will be integrating it with other services using Zapier.  To do that, I need to make a RESTful API layer with no login form, and instead have an authorize routine which can take the user's credentials and pass back an Access Token.

Up until now, other services I have helped establish have used either the Universal Login method or simply my own custom JavaScript wrapper using the SDK.  Neither of these solutions is going to fit my need.  I did understand that, from all of the available methods it had to offer, OAuth was going to fit it in some way, but I did not quite understand how I would evade having to use a login UI element.

I've now had more of a solid read over the Auth0 Authentication API documentation, and on the subject of Get Token, there are a number of different types of login flows; the main key/value that distinguishes one flow from another is what is described in the "grant_type".  What caught my eye was the Resource Owner Password flow.  Using this I can pass the credentials through from my API layer, and return the response directly from Auth0, which contains the access token specifically for that user.

So, here is the start of my class:

When a user has their access token in the "Authorization" of their request header, I can then use getUser to get the details of that profile.  I have more testing to continue with, but I hope this takes out a load of headaches for you that I ran through!
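The two calls described above, sketched as an added example; this is not the author's class, which is not reproduced on this page. The function names and placeholder values are assumptions, the endpoints are the Auth0 Authentication API's `/oauth/token` and `/userinfo`, and the requests are built rather than sent so the block runs offline.

```python
import re
import urllib.parse
import urllib.request

# Assumed placeholders; substitute your own tenant and application values.
AUTH0_DOMAIN = "YOUR_TENANT.auth0.com"
CLIENT_ID = "YOUR_CLIENT_ID"
CLIENT_SECRET = "YOUR_CLIENT_SECRET"  # stays in the API layer, never returned to callers
REALM_GRANT = "http://auth0.com/oauth/grant-type/password-realm"
# RFC 6750 syntax for the bearer credential; the scheme name is case-insensitive.
_BEARER = re.compile(r"^Bearer +([A-Za-z0-9\-._~+/]+=*)$", re.IGNORECASE)


def build_token_request(username, password, realm=None, audience=None):
    """Build (not send) the POST to /oauth/token for the Resource Owner Password flow."""
    if not username or not password:
        raise ValueError("username and password are required")
    form = {
        "grant_type": REALM_GRANT if realm else "password",
        "username": username,
        "password": password,  # pass through only; do not log or store
        "client_id": CLIENT_ID,
        "client_secret": CLIENT_SECRET,
        "scope": "openid profile email",  # "openid" is needed for /userinfo
    }
    if realm:
        form["realm"] = realm  # connection the credentials are checked against
    if audience:
        form["audience"] = audience  # API identifier the token is issued for
    url = f"https://{AUTH0_DOMAIN}/oauth/token"
    data = urllib.parse.urlencode(form).encode()
    return urllib.request.Request(url, data=data, method="POST")


def bearer_token(authorization_header):
    """Return the token from an Authorization header value, or None if malformed."""
    match = _BEARER.match(authorization_header or "")
    return match.group(1) if match else None


def build_userinfo_request(authorization_header):
    """Build the GET to /userinfo that a getUser-style helper would send."""
    token = bearer_token(authorization_header)
    if token is None:
        raise PermissionError("missing or malformed bearer token")
    url = f"https://{AUTH0_DOMAIN}/userinfo"
    return urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
```

Each returned object can be passed to `urllib.request.urlopen` to perform the call; rejecting a malformed header before contacting Auth0 keeps junk values from being forwarded upstream.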

One more thing...

You are more than likely going to first need to update your Auth0 application to accept this particular grant type. Use your Auth0 domain and client ID in this URL and use the following body:

{
  "grant_types": [
    "password",
    "http://auth0.com/oauth/grant-type/password-realm"
  ]
}

Of course, you'll need to first get your access token to make this kind of an update.

