4

I'm a newbie at Auth0 and faced with the following situation:

We are building a new reporting application using VueJS (vue-cli Webpack boilerplate). The application requires Auth0 authentication but with a custom login page. I was able to get through the basic Login tutorial part of Auth0 Quickstart. However past that, I'm finding the tutorials fragmented, outdated, and confusing.

The security requirements for my project are as follows:

  • Authenticate all routes in the application except /login and /signup
  • Both Login and Signup forms should match the look/feel of the rest of the site
  • On Logout/Session expiration the user should be redirected to the Login page
  • Any application APIs also need to authenticate against Auth0 (the security token?)

I can't for the life of me figure out if I should use Auth0 API, the Lock widget, or both? I've read through the various Auth0 guides and I think the Lock widget would work but I'm not sure.

Any overall guidance on using Auth0/Lock widget with a vue-cli Webpack boilerplate based VueJS application, would be greatly appreciated.

Thank you.

Improve this question
1
  • I've figured out so far that as a requirement we cannot use Lock. We must have a custom login/signup page that authenticates via auth0 API and then presumably passes JWT token to application APIs for authentication. Commented Jun 14, 2017 at 20:38

1 Answer 1

Reset to default
3

After an extended discussion with the engineers at Auth0 the conclusion was that in the following use case, a server-side implementation of an authentication service is required. The use case for our application was the following:

  • Use 2-factor authentication
  • Seamless UX without any redirects to Auth0 (rules out Lock library, auth0.js library)

According to Auth0 engineers, we need to:

  • Implement an authentication service that has to pass the client id and client secret key to Auth0 (we're using Python to do this)
  • The authentication service talks directly to Auth0 API endpoints
  • UI talks to the authentication service instead of Auth0.
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.