Tanver-Hasan

function (user, context, callback) {
  
  const namespace = 'https://myapi.com/';
 
  console.log("Groups "+user.groups);
  console.log("Roles "+user.roles);
  console.log("permissions "+user.permissions);
  

  context.idToken[namespace + 'group'] = user.groups;

Tanver-Hasan

function (user, context, callback) {
    var req = require("request");
    var baseURI = "https://[tenant name].auth0.com/api/v2/";
    var id = user.user_id;

    var bname = user && user.app_metadata && user.app_metadata.bname ? user.app_metadata.bname : null;
   // console.log(bname);
   if (bname!==null) {
        var url = `${baseURI}users/${id}`;
        console.log(url);

Tanver-Hasan

      curl -X POST \
      --url 'https://{YOUR TENANT NAME}.auth0.com/api/v2/connections' \
      -H "Authorization: Bearer {Managment API access token}" \
      -H "Content-Type: application/json" \
      -d '{"name":"{connection name}","strategy":"samlp","options":{"metadataUrl":"{ IDP metadata url}"}}'



      curl -X POST \

Tanver-Hasan

Validating ID token  

Audience : Audience should be client id
Issuer : auth0 domain
Sigining key : Retrieve form JWKS 

https://auth0.com/docs/tokens/guides/id-token/validate-id-token


Validating Access token 

Tanver-Hasan

Upload custom signing certificate in Auth0 Generic SAML-P Connection

Get or generate a new signing certificate:

openssl req -x509 -nodes -sha256 -days 3650 -newkey rsa:2048 -keyout saml.key -out saml.crt

Update the script and update the following settings:

Tanver-Hasan

// This rule will get the groups for users coming from Azure AD
// Auth0 already has the option to do that, but it (currently) won't work
// if the user is coming from a different directory than the directory
// where the app is registered (this can happen with multi-tenant apps).
// It uses the access_token provided by Azure AD, so this needs
// the 'Open ID Connect' protocol selected in the Azure AD connection.
// 
// After the rule runs, you will have the 'groups' property in the user
// that you can use to add custom claims to the id_token.
// 

Tanver-Hasan

<!DOCTYPE html>
<html>
<head>
  <meta charset="utf-8">
  <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
  <title>Sign In with Auth0</title>
  <meta name="viewport" content="width=device-width, initial-scale=1.0" />
</head>
<body>

Tanver-Hasan

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="UTF-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <meta http-equiv="X-UA-Compatible" content="ie=edge" />
    <title>Sample Application 3</title>
  </head>

  <body>

Tanver-Hasan

function (user, context, callback) {
 // console.log(JSON.stringify(user));
 // console.log(JSON.stringify(context));
  const audience = context.request && context.request.body && context.request.body.audience ? context.request.body.audience : null;
  console.log(audience);
  if (audience === "API IDENTIFIER" ){
      console.log("Checking client");
      const whitelistClient = ["Client ID","Client ID"];
  const isValidClient= whitelistClient.some(

Tanver-Hasan

var managementClient = new ManagementClient({
  clientId: '',
  clientSecret: '',
  domain: 'xxx.auth0.com',
  retry: {
    enabled : true
  }
});