New video in the #auth0 channel! 🍿🍿
This one's short (under 3 min) and shows the new dry-run feature in the Auth0 Deploy CLI, preview what a deploy will change before it runs 👀
Go check it out and let me know what you think, would you use this?

Identity systems answer 'who are you?' well. They struggle with 'and who are you acting for?'
New post on delegated access — why separating the actor from the account matters across healthcare, financial services, telco and more, and how Auth0 + Auth0 FGA address the two sides of the problem.
https://tobytes.com/articles/acting-on-behalf-of-separating-actor-from-account

Identity systems are very good at answering one question: who are you? What they are less good at is the follow-up: and who are you acting for? In this post I will look at why separating the authenticated user from the account or person they are acting within is important, what it enables across a range of industries, and how Auth0 and Auth0 FGA address the two complementary sides of the problem.
Home Realm Discovery usually lives at the network edge. I tried it inside Auth0's Advanced Custom Universal Login instead — email lookup and tenant routing handled entirely in the login-id screen, no edge proxy.
A walk-through with the ACUL config and the security considerations of putting a lookup before authentication.
https://www.tobytes.com/articles/multi-tenant-home-realm-discovery-acul
Home Realm Discovery is a well-understood pattern at the network layer, but moving that routing logic inside Auth0's login flow using Advanced Custom Universal Login opens up some interesting possibilities — and a few unexpected challenges.
How to test Auth0 login in a Rails app using Minitest
By enabling OmniAuth's test mode, you can test the callback, the session and protected routes without connecting to a real Auth0 server.
Learn how to migrate from Auth0 to Ory open source IAM stack. Export users, import identities, swap SDKs, and migrate social logins.
Full guide here: https://ostechnix.com/migrate-auth0-to-ory/
Bearer of Good News


🛡️ "Your APIs are open doors for hackers. Here's how to secure them"
**APIs are targeted in 40% of cyberattacks** (Gartner, 2023). Here are **5 rules to protect them**:
1️⃣ **Strong authentication**:
- **OAuth 2.0** + **JWT** (no basic auth!).
- Example: use **Auth0** or **Okta**.
2️⃣ **Rate limiting**:
- Limit to **100 requests/minute/IP** (tools: **NGINX**, **Kong**).
3️⃣ **Input validation**:
- Block **SQL/NoSQL injection** with strict schemas (e.g. **OpenAPI**).
4️⃣ **Logging and monitoring**:
- **ELK Stack** or **Datadog** to detect attacks.
5️⃣ **Security testing**:
- **OWASP ZAP** to scan for vulnerabilities.
💡 **Real-world case**: an unsecured API cost a fintech **€2M** in 2022 (customer data leak).
💬 **What is the worst API flaw you have ever seen?** #CyberSécurité #API #Tech #OWASP #Auth0
Adding "Log In With Mastodon" to Auth0
https://shkspr.mobi/blog/2026/03/adding-log-in-with-mastodon-to-auth0/
I use Auth0 to provide social logins for the OpenBenches website. I don't want to deal with creating user accounts, managing passwords, or anything like that, so Auth0 is perfect for my needs.
There are a wide range of social media logins provided by Auth0 - including the usual suspects like Facebook, Twitter, WordPress, Discord, etc. Sadly, there's no support for Mastodon[0].
All is not lost though. The Auth0 documentation says:
However, you can use Auth0’s Connections API to add any OAuth2 Authorization Server as an identity provider.
You can manually add a single Mastodon instance, but that doesn't work with the decentralised nature of the Fediverse. Instead, I've come up with a manual solution which works with any Mastodon server!
Background
Every Mastodon[1] server is independent. I have an account on mastodon.social; you have an account on whatever.chaos. They are separate servers, albeit running similar software. A generic authenticator needs to work with all these servers. There's no point only allowing logins from a single server.
Fortuitously, Mastodon allows app developers to automatically create new apps. A few simple lines of code and you will have an API key suitable for read-only access to that server. You can read how to instantly create Mastodon API keys or you can steal my PHP code.
User Experience
The user clicks the sign-in button on OpenBenches. They're taken to the Auth0 social login screen:
The user clicks on Mastodon. This is where Auth0's involvement ends!
The user is asked to provide the URL of their instance:
In the background, my server contacts the Mastodon instance and creates a read-only API key.
The user is asked to sign in to Mastodon.
The user is asked to authorise read-only access.
The user is now signed in and OpenBenches can retrieve their name, avatar image, and other useful information. Hurrah!
Auth0
Once you have created a service to generate API keys, it will need to run on a publicly accessible web server. For example https://example.com/mastodon_login.
Here's what you need to do within your Auth0 tenant:
It should look something like this:
Click the "Create" button and you're (almost) done.
Auth0 Icon
You will need to add a custom icon to the social integration. Annoyingly, there's no way to do it through the web interface, so follow that guide to use the command line.
Done!
I'll admit, this isn't the most straightforward thing to implement. Auth0 could make this easier - but it would still rely on users knowing the URL of their home instance.
That said, the Mastodon API is a delight to work with and the read-only permissions reduce risk for all parties.
[0] Auth0 did blog about Mastodon a few years ago but never bothered implementing it! ↩︎
[1] I do mean Mastodon; not the wider Fediverse. This only works with sites which have implemented Mastodon's APIs. ↩︎
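The flow the post describes (user supplies an instance URL, the bridge server registers a read-only app on that instance, then sends the browser to the instance's OAuth authorize endpoint) as an added Python sketch. This is not the author's PHP code; the redirect URI, app name and the `fake_post` transport are constructed placeholders, and the Mastodon endpoints used are the public `POST /api/v1/apps` and `GET /oauth/authorize`. The instance check matters because the server makes outbound requests to whatever the user typed, so it only accepts a plain public HTTPS hostname.

```python
import secrets
from urllib.parse import urlencode, urlsplit

# Placeholder callback on the bridge service (hypothetical, not a real endpoint).
REDIRECT_URI = "https://example.com/mastodon_login/callback"
READ_ONLY_SCOPE = "read"  # matches the read-only access the post asks for


def normalise_instance(user_input: str) -> str:
    """Return 'https://host' for a user-supplied instance, or raise ValueError.
    The bridge server will talk to this host, so reject anything that is not
    a bare public DNS name: no http, no userinfo, no port, no path, no IP literal."""
    candidate = user_input.strip()
    if "://" not in candidate:
        candidate = "https://" + candidate
    parts = urlsplit(candidate)
    host = (parts.hostname or "").lower()
    if parts.scheme != "https" or parts.username or parts.port:
        raise ValueError("instance must be a plain https://host")
    if not host or "." not in host or host.replace(".", "").isdigit() or host == "localhost":
        raise ValueError("instance must be a public DNS hostname")
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        raise ValueError("instance must not include a path, query or fragment")
    return "https://" + host


def rejects(user_input: str) -> bool:
    """True if normalise_instance refuses the input (used for checks)."""
    try:
        normalise_instance(user_input)
        return False
    except ValueError:
        return True


def register_app(instance: str, post) -> dict:
    """Create a read-only app on the instance via POST /api/v1/apps.
    `post(url, data) -> dict` is injected so the HTTP layer can be stubbed."""
    body = {"client_name": "OpenBenches login (example)", "redirect_uris": REDIRECT_URI,
            "scopes": READ_ONLY_SCOPE, "website": "https://example.com"}
    resp = post(instance + "/api/v1/apps", body)
    for key in ("client_id", "client_secret"):
        if key not in resp:
            raise ValueError(f"registration response missing {key}")
    return {"instance": instance, "client_id": resp["client_id"], "client_secret": resp["client_secret"]}


def authorize_url(app: dict, state: str) -> str:
    """Browser redirect target; scope pinned to read, state binds the callback to this session."""
    params = {"client_id": app["client_id"], "redirect_uri": REDIRECT_URI,
              "response_type": "code", "scope": READ_ONLY_SCOPE, "state": state}
    return app["instance"] + "/oauth/authorize?" + urlencode(params)


def fake_post(url, data):
    """Constructed stand-in for the HTTP call, shaped like a Mastodon app-registration reply."""
    assert url.endswith("/api/v1/apps") and data["scopes"] == READ_ONLY_SCOPE
    return {"client_id": "cid-constructed", "client_secret": "sec-constructed"}


if __name__ == "__main__":
    app = register_app(normalise_instance("mastodon.social"), fake_post)
    print(authorize_url(app, secrets.token_urlsafe(16)))
```

In production the client_id/client_secret pair should be cached per instance rather than re-registered on every login, and the state value checked when the callback arrives.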