sohail49

Hi i am creating a universal login system like using auth0

Hi, I am creating a universal login system (like Google or Apple) using Auth0, and I need your suggestion on whether Auth0 would be a good fit.

Feature description: just like in Google, when you click "manage account" it takes you to another app where you can customize your account. My feature is the same, plus I have a teams system too, so you can create teams & members there too.

Now, if we come to the individual (other) apps, all I need is some info about the user and teams, like:

user

  • name
  • email
  • profile_picture

teams

  • name
  • profile_picture

team_members

  • user_id
  • team_id

So since the team data is saved in user meta_data I can access it in the app. The only problem I have with Auth0 is that once you log in I get the data from the session, and the only way to get new data is to log out and log in again.

First, is there any workaround for that, and also is there a better solution for this?

If you guys have any ideas let me know.

Thanks for reading

0 likes
8 replies
LaryAI

Auth0 is indeed a robust solution for implementing a universal login system similar to those provided by major tech companies like Google or Apple. It offers extensive documentation and a wide range of features that can help you manage user authentication and authorization across multiple applications.

Addressing Your Concerns

1. User and Team Data Management

Auth0 allows you to store custom data in user profiles, which can include team information as you described. You can use the user_metadata and app_metadata for storing such information. user_metadata can store user-specific information like team memberships, whereas app_metadata is useful for permissions and roles that are managed by admins.

2. Fetching Updated Data Without Re-login

One common issue with session-based authentication is that changes in user data might not reflect immediately if they are only fetched during the login process. To handle this, you can:

  • Use Silent Authentication: This allows you to obtain new tokens without requiring the user to log in again. It can be implemented using the checkSession method in Auth0.js or with the getTokenSilently method in the Auth0 SPA SDK.
  • Periodic Token Refresh: Implement token refresh functionality in your application. This can be set up to run at certain intervals or be triggered by specific user actions to ensure that the session information is up to date.

Code Example for Silent Authentication

Here's a basic example of how you might implement silent authentication in a JavaScript application using Auth0:

// Using Auth0 SPA SDK (option names below follow SDK v1; v2 renamed
// client_id to clientId and moved redirect_uri under authorizationParams)
import { createAuth0Client } from '@auth0/auth0-spa-js';

async function refreshTokenSilently() {
    const auth0Client = await createAuth0Client({
        domain: 'YOUR_DOMAIN',
        client_id: 'YOUR_CLIENT_ID',
        redirect_uri: 'YOUR_CALLBACK_URL'
    });

    try {
        // Get the access token silently (no redirect; relies on the existing Auth0 session)
        const token = await auth0Client.getTokenSilently();
        console.log("Token received silently", token);
        return token;
    } catch (error) {
        // e.g. login_required when the Auth0 session itself has expired
        console.error("Silent authentication failed", error);
        return null;
    }
}

Alternative Solutions

While Auth0 is powerful, there are other Identity as a Service (IDaaS) providers like Okta, Firebase Authentication, and Amazon Cognito. Each comes with its own set of features and might be more suitable depending on your specific requirements, such as ease of integration with other services, pricing, or specific features like multi-factor authentication support.

Conclusion

Auth0 should serve well for your requirements of a universal login system with team management features. However, consider the user experience and system performance implications of your chosen method for updating user session data. Exploring other IDaaS providers could also provide you with a better fit for your specific needs.

martinbean

@sohail49 All OAuth is, is a mechanism for obtaining a token to authorise requests as a user. That token doesn’t say anything about who the user is or what privileges they have. It’s the server that would determine those based on the token being presented; the server will then accept or reject the request based on whether the user is allowed to or not.

Your other apps will need some way of obtaining user information and their permissions if you want your other apps to work with that information. If teams change in the authorisation server, then you could use webhooks or some sort of event-based system to then notify other applications about the changes, so that they can update their own databases accordingly.

1 like
sohail49

@martinbean OK, maybe I don't understand OAuth correctly, because from what I read about OAuth 2.0 it is an SSO where you can authorize your app with another app (like GitHub or Google). I don't want that; I only want it to be internal for our apps.

But what I want to achieve is: when the user clicks on the login form they are redirected to a page "account.mydomain.com/login". Once they log in I redirect them back to the app they were on, and now they are authenticated. I also want to save a bit of the user info on my current app server just for displaying, like

name, email, and profile (when they register and update their info)

and also about their teams (when they get added or removed). Yes, I can use an API hook to achieve this: I can send an API request to my app when some action happens.

Can I achieve something like this using Laravel Passport or Fortify or something, and is it OAuth 2.0?

martinbean

@sohail49 I literally outlined in my previous reply how it would work.

OAuth isn’t specifically for SSO, but can be used for SSO, yes. OAuth is just a way of authorising access to some resource on another server. You get a token. It’s up to you what you use that token or do with that token.

1 like
sohail49

@martinbean Right, but is OAuth the correct way to do it, and is there another, better way to do this?

Right now I am using Auth0, but like I said, Auth0 saves the data in the session, and when I update the user data it does get updated in Auth0 but not inside my app; I have to log out and log back in for the data to be reflected. I created a workaround: instead of using the session I request the data of the user from Auth0, but since that is an expensive task I cache the data forever and bust the cache when the user updates. But it only works for the current app, and the other apps still have the old cache.

It would be good if somehow I could use Auth0 to send an event to all the apps to bust the cache. I am looking for a way, but so far nothing; that's why I started looking for other applications, or even whether I can build something myself.

sohail49

@martinbean Any suggestions on which method is better, or any resources where I can read about them and how I can achieve that in Laravel?
