Authentication with an Identity as a Service provider, such as Auth0, is pretty straightforward in a web application, but we also want to provide the same convenient SSO experience for our CLI users. In this article, we'll take a look at the traditional way to do authentication in the terminal and how we can improve the experience for our users. Skip to the Implementation section to see the steps and code samples.

The code in this article was simplified for a better reading experience. We also published an open source library that implements the solution and can save you some work. The library sources are available at and an NPM package at

The traditional solution: using secrets

One way to approach this challenge is to generate a secret for users to store in a file manually (e.g. AWS access keys, GitHub SSH keys, and NPM auth tokens). There are a few drawbacks to this approach:

- The secrets don't rotate: an attacker may use a stolen secret until the user manually revokes it
- Users must log in and create a secret for each machine they use
- Users must manually delete the files that hold the secrets, or revoke them, to log out

Making users manually manage their secrets works, but it is not the best experience for them. If you care to provide your users with a better experience, there is another way.

The better solution

After reading the Auth0 documentation and blog, it is clear how we can obtain an access token for the user from the terminal and still enjoy a web authentication experience with SSO:

1. Start an HTTP server on the localhost address
2. Open a parameterized Auth0 authorization URL in a browser
3. Let the user log in the same way they would in a web application
4. Handle the redirect request from Auth0 to the localhost server, obtain the authorization code, and stop the server
5. Call Auth0's token endpoint (/oauth/token, part of the Authentication API rather than the Management API) to exchange the authorization code for an access token for the user

Once we obtain the access token, we can store it in a file accessible only to the user, just as we would store secrets. Later, any of our locally running apps can use this token to authenticate. This process automates the manual work done by the user in the common solution while providing a web login experience with SSO:

- We can enforce expiration on the access token and have the user re-authenticate, thus rotating credentials periodically.
- The login process is simple and doesn't take much time.
- Setting up a new machine is quick and simple.
- We can provide the user with a log-out command that deletes the stored token and revokes it with Auth0.

Implementation

Step 1: Start a local HTTP server

Start an HTTP server on the localhost address with the custom port 4242 that will handle authentication responses from Auth0. Bind it to 127.0.0.1 rather than all interfaces, so the callback is reachable only from the user's own machine. Note that Node's listen() callback does not receive an error argument; a failure to bind (for example, the port is already in use) is delivered as an 'error' event on the server.

```typescript
import http from 'http'

// handleAuth0Response is the request handler for the Auth0 redirect (not shown here).
const server = http.createServer(handleAuth0Response).listen(4242, '127.0.0.1', () => {
  console.log('Waiting for the Auth0 redirect on http://127.0.0.1:4242')
})

// Bind failures arrive here, not in the listen() callback.
server.on('error', (err: Error) => {
  console.error(`Could not start the local server: ${err.message}`)
  process.exit(1)
})
```

Next Steps: Use the authentication token
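The five steps of the better solution and the local server from Step 1, carried through end to end as an added example; this is not code from the article or from the library it publishes. It uses Authorization Code flow with PKCE, which is what Auth0 documents for native and CLI applications that cannot keep a client secret, and it adds two checks the step list leaves implicit: the `state` value sent in the authorization URL is verified on the redirect, and the callback server listens on 127.0.0.1 only and shuts down as soon as one redirect has been handled. The tenant domain, client ID, audience, redirect path, token file location and the injected `openBrowser` function are hypothetical; `exchangeCode` is the only function that needs the network.

```typescript
import * as crypto from 'node:crypto'
import * as fs from 'node:fs'
import * as http from 'node:http'
import * as https from 'node:https'
import * as os from 'node:os'
import * as path from 'node:path'

// Hypothetical settings: substitute your own tenant, Application and API values.
const AUTH0_DOMAIN = 'example.auth0.com'
const CLIENT_ID = 'YOUR_CLIENT_ID'
const AUDIENCE = 'https://api.example.com'
const PORT = 4242
const REDIRECT_URI = `http://127.0.0.1:${PORT}/callback`
const TOKEN_FILE = path.join(os.homedir(), '.mycli', 'token.json')

export type TokenSet = { access_token: string; token_type: string; expires_in: number; refresh_token?: string }

function base64url(buf: Buffer): string {
  return buf.toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '')
}

// PKCE (RFC 7636): a CLI is a public client and cannot keep a client secret,
// so the code exchange is bound to a one-time verifier instead.
export function pkcePair(verifier = base64url(crypto.randomBytes(32))): { verifier: string; challenge: string } {
  const challenge = base64url(crypto.createHash('sha256').update(verifier).digest())
  return { verifier, challenge }
}

// Step 2: the parameterized /authorize URL the CLI opens in the browser.
export function buildAuthorizeUrl(state: string, challenge: string): string {
  const params = new URLSearchParams({
    response_type: 'code', client_id: CLIENT_ID, redirect_uri: REDIRECT_URI,
    scope: 'openid profile offline_access', audience: AUDIENCE, state,
    code_challenge: challenge, code_challenge_method: 'S256',
  })
  return `https://${AUTH0_DOMAIN}/authorize?${params}`
}

// Step 4: pull the code out of the redirect; a state that differs from the one we sent is rejected.
export function parseRedirect(reqUrl: string, expectedState: string): string {
  const q = new URL(reqUrl, REDIRECT_URI).searchParams
  if (q.get('error')) throw new Error(`Auth0 returned error: ${q.get('error')}`)
  if (q.get('state') !== expectedState) throw new Error('state mismatch')
  const code = q.get('code')
  if (!code) throw new Error('redirect carries no authorization code')
  return code
}

// Steps 1 and 4: loopback-only server that resolves with the code and then stops itself.
export function waitForCode(expectedState: string, port = PORT): Promise<string> {
  return new Promise((resolve, reject) => {
    const server = http.createServer((req, res) => {
      const url = req.url ?? ''
      if (!url.startsWith('/callback')) { res.writeHead(404).end(); return }
      try {
        const code = parseRedirect(url, expectedState)
        res.writeHead(200, { 'Content-Type': 'text/plain' }).end('Logged in. You can close this tab.')
        resolve(code)
      } catch (e) {
        res.writeHead(400, { 'Content-Type': 'text/plain' }).end('Login failed.')
        reject(e)
      }
      server.close()
    })
    server.on('error', reject).listen(port, '127.0.0.1')
  })
}

// Step 5: exchange the code at the Authentication API token endpoint, proving possession of the verifier.
export function exchangeCode(code: string, verifier: string): Promise<TokenSet> {
  const body = JSON.stringify({ grant_type: 'authorization_code', client_id: CLIENT_ID,
    code, code_verifier: verifier, redirect_uri: REDIRECT_URI })
  const opts = { host: AUTH0_DOMAIN, path: '/oauth/token', method: 'POST',
    headers: { 'Content-Type': 'application/json', 'Content-Length': Buffer.byteLength(body) } }
  return new Promise((resolve, reject) => {
    const req = https.request(opts, res => {
      let data = ''
      res.on('data', chunk => { data += chunk })
      res.on('end', () => res.statusCode === 200 ? resolve(JSON.parse(data) as TokenSet)
        : reject(new Error(`token exchange failed: ${res.statusCode} ${data}`)))
    })
    req.on('error', reject).end(body)
  })
}

// Store the token like any other secret: user-only directory and file (0700/0600).
export function storeToken(tokens: TokenSet, file = TOKEN_FILE): string {
  fs.mkdirSync(path.dirname(file), { recursive: true, mode: 0o700 })
  fs.writeFileSync(file, JSON.stringify(tokens), { mode: 0o600 })
  fs.chmodSync(file, 0o600) // the mode above only applies when the file is created
  return file
}

// The whole flow; `openBrowser` is injected (e.g. the `open` package or xdg-open).
export async function login(openBrowser: (url: string) => void): Promise<TokenSet> {
  const { verifier, challenge } = pkcePair()
  const state = base64url(crypto.randomBytes(16))
  const pending = waitForCode(state) // listen before the browser is launched
  openBrowser(buildAuthorizeUrl(state, challenge))
  const tokens = await exchangeCode(await pending, verifier)
  storeToken(tokens)
  return tokens
}
```

The server is started before the browser is launched so the redirect cannot arrive on a closed port, and it accepts exactly one redirect: anything else on the loopback port while login is in progress (another local process, a stray request) either gets a 404 or fails the state check and is never exchanged for a token. Because the client never holds a secret, an attacker who observes the authorization code still cannot redeem it without the verifier that stayed in the CLI's memory.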