IdP initiated login:
IdP initiated logout:
How is it initiated?
Once initiated, sends the logout request to the callback URL configured at SAML addon callback setting.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE html> | |
| <html> | |
| <head> | |
| <title>2nd Factor Authentication</title> | |
| <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no" /> | |
| <meta http-equiv="X-UA-Compatible" content="IE=edge"> | |
| <style type="text/css"> | |
| html, body { padding: 0; margin: 0; } |
saltukalakus
/ handler.js
Created
September 7, 2020 14:19
— forked from marc-barry/handler.js
Cloudflare Worker for Auth0 Self-Managed Certificates
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| addEventListener('fetch', event => { | |
| event.respondWith(handleRequest(event.request)) | |
| }) | |
| async function handleRequest(request) { | |
| const url = new URL(request.url) | |
| url.hostname = 'SOME_HOSTNAME' // i.e. 'dev-w-47n-vy-cd-e88kLg26GFbLGgBI.edge.tenants.auth0.com' | |
| request = new Request(request) | |
| request.headers.set('cname-api-key', 'SOME_KEY') // i.e. 'd4f2f3ef5a3ee3af4846127281d3450628bdc16d63e802dea75878fe9a63a279' | |
saltukalakus
/ tokenFromConfig
Created
August 15, 2020 16:46
— forked from SumanaMalkapuram/tokenFromConfig
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| async function getTokenFromRulesConfig(user, context, callback) { | |
| const m2mClientID = configuration.m2mCID; | |
| const m2mClientSecret = configuration.m2mCSecret; | |
| let auth0Domain = '<<your_tenant>>.auth0.com'; | |
| const moment = require('moment-timezone'); | |
| let axios = require('axios'); | |
| const country = context.request.geoip.country_name; | |
| const data = { | |
| user_app_metadata: user.app_metadata, | |
| email: user.email, |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function (user, context, callback) { | |
| var CLIENTS_WITH_MFA = ['REPLACE_WITH_YOUR_CLIENT_ID']; | |
| // run only for the specified clients | |
| if (CLIENTS_WITH_MFA.indexOf(context.clientID) !== -1) { | |
| // uncomment the following if clause in case you want to request a second factor only from user's that have user_metadata.use_mfa === true | |
| // if (user.user_metadata && user.user_metadata.use_mfa){ | |
| context.multifactor = { | |
| //required |
saltukalakus
/ AddMetadataBasic.md
Last active
June 2, 2025 20:36
Signing in from the enterprise and social connections with metadata available starting from the first login (a.k.a signup)
- We have an app that the users can log in only with a few selected social and the enterprise connections. These users should have a specific app_metadata and user_metadata starting from the first login.
1-) Creaate a regular Auth0 DB connection with signup option turned off. Let's assume it's named as Auth0DBInitialMetadata.
2-) Set a rule which prevents login in with the Auth0 DB connection above. So that this connection isn't used for login directly unintentionally.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function login(email, password, callback) { | |
| const mysql = require('[email protected]'); | |
| const bcrypt = require('bcrypt'); | |
| const azureCa = "-----BEGIN CERTIFICATE-----\nMIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9aMQswCQYDVQQGEwJJ\n....\nR9I4LtD+gdwyah617jzV/OeELqYzmp\n-----END CERTIFICATE-----\n"; | |
| const connection = mysql.createConnection({ | |
| host: configuration.DbHost, | |
| user: configuration.DbUser, | |
| password: configuration.DbPassword, | |
| database: configuration.DbName, |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "allowed_clients": [], | |
| "allowed_logout_urls": [ | |
| "https://##ENV##.myapp.com/logout" | |
| ], | |
| "allowed_origins": [ | |
| "https://##ENV##.myapp.com/" | |
| ], | |
| "app_type": "spa", | |
| "callbacks": @@example-app-redirect-uri@@, |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* globals require, configuration */ | |
| /** | |
| * This script will be executed when the user wishes to change their password to test if the user exists. | |
| * This needs a global configuration option with the following properties: | |
| * {string} endpointUrl - Site URL with an empty "a0_action" parameter appended. | |
| * {string} migrationToken - Migration token found in the plugin settings | |
| * {string} userNamespace - Formatted site name to avoid user ID overlapping. | |
| * | |
| * @param {string} email - User email address, provided on login. |
saltukalakus
/ saml_metadata_modified_with_connection.xml
Last active
June 2, 2025 20:36
Saml metadata modified with the connection name where Auth0 is the IdP
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <EntityDescriptor entityID="urn:saltuk-auth0idp.auth0.com" xmlns="urn:oasis:names:tc:SAML:2.0:metadata"> | |
| <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> | |
| <KeyDescriptor use="signing"> | |
| <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> | |
| <X509Data> | |
| <X509Certificate>MIIC+jCCAeKgAwIBAgIJM/mSNGTlZt68MA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNVBAMTGXNhbHR1ay1hdXRoMGlkcC5hdXRoMC5jb20wHhcNMTYxMDE0MTQ1MjA1WhcNMzAwNjIzMTQ1MjA1WjAkMSIwIAYDVQQDExlzYWx0dWstYXV0aDBpZHAuYXV0aDAuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA063hHO/Re8FcsDvQu6CZJi8pO4BahbemEoyYYtEbUPcXaHE47HCXqEESdQLxTw1PDCKIrjtCD+jqhn/yJusJTiQEr2ytvIhmM9spHL+iSQpw9fOTj5PimfQ+pHWJd23lasPJbzd5vZKlQwAbOod2HNSPOl5iWp6v5fqevidRH75T8imctXFd3f1H0q/Y8kUWYzLAbtk6IIhWcfZKG8XXrvtPa4nvmYXw6vnac/TYjdNsBfEZ1/613fL4HoixdU+jZADUswLeCNy4v1Q8pyCbHAh+P+lMW6HIHqVvu9zGv3vkhP5iyuVeFoVGGywqWurNBNWPZkhNFU2UtQhu37W6rwIDAQABoy8wLTAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBQg1RX34/QPs9ay6NRELbAZcQbDDzANBgkqhkiG9w0BAQUFAAOCAQEAr1+qRB0Abky8d |