Messages 1 to 4 of 4 total |
Wed, Jun 28 2017 10:38 AM | Permanent Link |
Richard Mace | Hi All,
I am attempting to integrate Auth0 authentication into my EWB app. Auth0 has a JS example, which I included below, but I am unsure whether this is easier to convert into native EWB, or whether I need to use a TScript and then "map" its functions/procedures to my EWB functions/procedures, and how I would actually accomplish either of these.

Has anyone had any experience in integrating Auth0 authentication into their EWB apps?

Thanks

Richard

```javascript
$(function () {
  /*
   * Authentication code
   */
  const AUTH0_CLIENT_ID = "DaIj3UPFDF2yGxBYwfwDV1VTfxN5p20p";
  const AUTH0_DOMAIN = "knutmt.eu.auth0.com";

  var lock = new Auth0Lock(AUTH0_CLIENT_ID, AUTH0_DOMAIN, {
    auth: {
      params: { scope: 'openid email' } // Details: https://auth0.com/docs/scopes
    }
  });

  // auto login
  if (localStorage.getItem('id_token')) {
    var token = localStorage.getItem('id_token');
    lock.getProfile(token, function (error, profile) {
      if (error) {
        // Handle error
        return;
      }
      // Display user information
      show_profile_info(profile);
      // global ajax Authorization setup
      $.ajaxPrefilter(function (options) {
        if (!options.beforeSend) {
          options.beforeSend = function (xhr) {
            xhr.setRequestHeader('Authorization', 'Bearer ' + localStorage.getItem('id_token'));
          };
        }
      });
      // get task items from database (getItems() is not defined in this snippet)
      getItems();
    });
  }

  var show_profile_info = function (profile) {
    $('.nickname').text(profile.nickname);
    $('.btn-login').hide();
    $('.avatar').attr('src', profile.picture).show();
    $('.btn-logout').show();
  };

  var retrieve_profile = function () {
    var id_token = localStorage.getItem('id_token');
    if (id_token) {
      lock.getProfile(id_token, function (err, profile) {
        if (err) {
          return alert('There was an error getting the profile: ' + err.message);
        }
        // Display user information
        show_profile_info(profile);
        // enable api button
        $('.btn-api').removeAttr("disabled");
      });
    }
  };

  $('.btn-login').click(function (e) {
    e.preventDefault();
    lock.show();
    return false;
  });

  $('.btn-logout').click(function (e) {
    localStorage.removeItem('id_token');
    $('.btn-api').attr("disabled", "true");
    window.location.href = "/";
    e.preventDefault();
    return false;
  });

  lock.on("authenticated", function (authResult) {
    lock.getProfile(authResult.idToken, function (error, profile) {
      if (error) {
        // Handle error
        return;
      }
      localStorage.setItem('id_token', authResult.idToken);
      // Display user information
      show_profile_info(profile);
      // global ajax Authorization setup
      $.ajaxPrefilter(function (options) {
        if (!options.beforeSend) {
          options.beforeSend = function (xhr) {
            xhr.setRequestHeader('Authorization', 'Bearer ' + localStorage.getItem('id_token'));
          };
        }
      });
      // get task items from database
      getItems();
    });
  });
}); // closes the $(function () { ... }) wrapper opened at the top
```
Wed, Jun 28 2017 10:55 AM | Permanent Link |
Matthew Jones | Richard wrote:
> I am attempting to integrate Auth0 authentication into my EWB app.

Not looked at your code (about to leave) but OAuth2 is in Eric's book.

--
Matthew Jones
Wed, Jun 28 2017 12:36 PM | Permanent Link |
Tim Young [Elevate Software] Elevate Software, Inc. | Richard,

<< I am attempting to integrate Auth0 authentication into my EWB app. Auth0 has a JS example, which I included below, but I am unsure whether this is easier to convert into native EWB, or whether I need to use a TScript and then "map" its functions/procedures to my EWB functions/procedures, and, how I would actually accomplish either of these? >>

This is going to be way too much for a forum post. What you're needing is an implementation of their API, which will require, at the very least:

1) An external interface for EWB so that EWB can call their JS API.

2) Delphi code for an EWB Web Server module to handle callbacks from their service during authentication.

You're probably looking at a week's worth of work, including testing/integration.

Tim Young
Elevate Software
www.elevatesoft.com
Fri, Jun 30 2017 12:44 PM | Permanent Link |
erickengelke | Tim Young [Elevate Software] wrote:
> Richard,
>
> << I am attempting to integrate Auth0 authentication into my EWB app. Auth0 has a JS example, which I included below, but I am unsure whether this is easier to convert into native EWB, or whether I need to use a TScript and then "map" its functions/procedures to my EWB functions/procedures, and, how I would actually accomplish either of these? >>
>
> This is going to be way too much for a forum post. What you're needing is an implementation of their API, which will require, at the very least:
>
> 1) An external interface for EWB so that EWB can call their JS API.

The code in my book works with PHP and OAuth2. If you need it in a pinch, install Apache+PHP on a different port on your web server and use it to authenticate.

You can also use Apache+SSL to forward requests to Elevate web server via a local HTTP connection. I haven't done it, but I've done so with NGinx (page 181 of my Mormot book), and NGinx can be used with PHP.

Since that time, OAuth2 has become somewhat deprecated in favour of a combination of OAuth2 + JSON web tokens (JWT). When combined, the pair is known as OpenID Connect (or for short: OIDC), which is unfortunately totally unrelated to Open ID 1 or 2, so web searches are totally confusing.

OIDC is the gold standard in modern authentication. What's cool is that the session ID is actually a JWT token meaning you can inspect the contents and read Userid, permissions, etc. at any time right from the token (see jwt.io web site) and uses a cryptographic check to validate the authentication, meaning it doesn't have to send the token back to a central server to validate, you can validate with the hash. Hence there is no need to keep an active session on the server, the token fully specifies the session information!!!! That is huge, it means you do not check the password on each HTTP action, you just have to validate the token's hash makes sense.

I've got OIDC working with Apache and mod_auth_oidc, and it is supported on NGinx too, but I've yet to get it working with other examples even though there are certified OIDC PHP and other systems.

I'm now working on a large national network security research project which may indirectly require us to port it to other systems. Mormot has JWT but doesn't have OIDC yet. I'm hoping someone beats me to the project so I don't have to Pascal code it myself. It is a fair bit of work to do right.

Hmmm, if Elevate lets you write Apache modules under Linux, you could probably use the mod_auth_oidc module to do most of the work.

So, I'm saying I don't have immediate answers.

Erick
http://www.erickengelke.com
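The local token check Erick describes above, as an added example that is not part of the original thread or of Auth0's code: an API server validates the bearer ID token itself by recomputing the signature, then checks issuer, audience and expiry before trusting any claim. It assumes HS256 with a shared secret; the function names, secret, issuer and audience are constructed for illustration.

```javascript
// Added example: stateless validation of an OIDC ID token (JWT), HS256 only.
const crypto = require('crypto');

const b64url = (buf) => Buffer.from(buf).toString('base64url');
const hmac = (data, secret) =>
  crypto.createHmac('sha256', secret).update(data).digest();

// Helper that mints a sample token the way an identity provider would.
function signJwt(header, claims, secret) {
  const input = b64url(JSON.stringify(header)) + '.' + b64url(JSON.stringify(claims));
  return input + '.' + b64url(hmac(input, secret));
}

// Returns the claims if the token is valid, otherwise throws.
function verifyIdToken(token, { secret, issuer, audience, now = Date.now() / 1000 }) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString('utf8'));
  // Pin the algorithm on the server; never let the token choose it (e.g. "none").
  if (header.alg !== 'HS256') throw new Error('unexpected alg');
  const expected = hmac(h + '.' + p, secret);
  const given = Buffer.from(s, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected))
    throw new Error('bad signature');
  // Claims are read only after the signature has been verified.
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString('utf8'));
  if (claims.iss !== issuer) throw new Error('wrong issuer');
  if (![].concat(claims.aud).includes(audience)) throw new Error('wrong audience');
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  return claims;
}

// Constructed sample values (not taken from the page).
const SECRET = 'constructed-demo-secret';
const OPTS = { secret: SECRET, issuer: 'https://idp.example/', audience: 'demo-client', now: 1500000000 };
const CLAIMS = { iss: 'https://idp.example/', aud: 'demo-client', sub: 'user|123', exp: 1500003600 };

// Maps a token to the subject it authenticates, or to the reason it was rejected.
function outcome(token) {
  try { return verifyIdToken(token, OPTS).sub; } catch (e) { return e.message; }
}

console.log(outcome(signJwt({ alg: 'HS256', typ: 'JWT' }, CLAIMS, SECRET)));
```

With an RS256-signed token the same steps apply, with the HMAC comparison replaced by a signature verification against the provider's public key.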
This web page was last updated on Wednesday, March 29, 2023 at 12:35 AM | © 2023 Elevate Software, Inc. All Rights Reserved