Auth0.com, how does it work?

I would like to ask who is generating the JWT tokens when the user is logged in? If the user is logged in via Facebook, does that mean Facebook generates the token? What role does Auth0.com play? Thanks to

+3




2 answers


I'm going to assume that you are using Auth0 for authentication, but you have configured Auth0 so that users can log in with other authentication providers (like Facebook). In this case, it's always Auth0 that generates the tokens you get from Auth0; that is, the method by which you validate the tokens is always the same (use Auth0's public key) no matter how the user authenticated.

However, prior to that, for Auth0 to authenticate the user, there are perfectly legitimate ways to do this:



  • Username + password
  • One time password
  • Using another public identifier provider (such as Facebook)

And in case #3, the process is recursively started again, except this time Auth0 takes over as the client application and Facebook generates the JWT. Auth0 validates the token generated by Facebook and then uses that as proof that the logged-in user is who they say they are and that it is safe to release their JWT to your application.

+3
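The point of the answer above, that the application validates every token the same way with the issuer's public key however the user logged in, as an added example (not code from the answers or from Auth0). The key pairs, issuer URL, audience, `sub` values and the `issueToken`, `verifyToken` and `check` helpers are constructed for illustration, and Node's built-in `crypto` stands in for a JWT library.

```javascript
const crypto = require('node:crypto');

const b64u = (buf) => Buffer.from(buf).toString('base64url');
// Constructed values the application expects in every token it accepts.
const EXPECTED = { issuer: 'https://tenant.example/', audience: 'example-client-id' };
// Constructed key pairs: `issuer` stands in for the token issuer's signing key,
// `other` for any key the application does not trust.
const issuer = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const other = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Hypothetical helper playing the issuer's role: sign claims as an RS256 JWT.
function issueToken(claims, privateKey) {
  const head = b64u(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  const body = b64u(JSON.stringify(claims));
  const sig = crypto.sign('sha256', Buffer.from(`${head}.${body}`), privateKey);
  return `${head}.${body}.${b64u(sig)}`;
}

// The one validation path the application runs, whatever the login method was.
function verifyToken(token, publicKey, expected) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [head, body, sig] = parts;
  const header = JSON.parse(Buffer.from(head, 'base64url'));
  if (header.alg !== 'RS256') throw new Error('unexpected alg'); // pin the algorithm
  const ok = crypto.verify('sha256', Buffer.from(`${head}.${body}`), publicKey,
    Buffer.from(sig, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const claims = JSON.parse(Buffer.from(body, 'base64url'));
  if (claims.iss !== expected.issuer) throw new Error('wrong issuer');
  if (claims.aud !== expected.audience) throw new Error('wrong audience');
  if (claims.exp <= Math.floor(Date.now() / 1000)) throw new Error('expired');
  return claims;
}

// Returns the subject on success, or the rejection reason.
function check(token) {
  try { return verifyToken(token, issuer.publicKey, EXPECTED).sub; }
  catch (e) { return `rejected: ${e.message}`; }
}

const now = Math.floor(Date.now() / 1000);
const base = { iss: EXPECTED.issuer, aud: EXPECTED.audience, exp: now + 300 };
const viaFacebook = issueToken({ ...base, sub: 'facebook|1001' }, issuer.privateKey);
const viaPassword = issueToken({ ...base, sub: 'auth0|2002' }, issuer.privateKey);
const foreign = issueToken({ ...base, sub: 'facebook|1001' }, other.privateKey);
console.log([viaFacebook, viaPassword, foreign].map(check));
```

The first two tokens differ only in how the user authenticated upstream and pass the same check; the third carries identical claims but is signed with a key the application does not trust, so it is rejected.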




I did a little bit of reading about tokens on the Auth0 page; you will find a lot of details there:

The id_token is a JWT and is for the client only. In the example we used earlier, when you authenticate with Google, the id_token is sent from Google to the app that says who you are. The app can parse the contents of the token and use this information, such as your name and your profile picture, to customize the user interface.



In this case Google provides the token.


0

