Authentication
with Auth0
JSON Web Token
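Flow between the App and the Server (the Server holds the Secret):
- App: post /login with { login: ..., pwd: ... }
- Server: builds the Token = header + { id: 45 } + signature (computed with the Secret)
- Server: 200 + token
- App: post /messages with the Token
- Server: Decode & Check validity
- Server: 200 + payload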
JSON Web Token
To test: https://jwt.io
- Do not put the production secret in there! :)
- A token can contain arbitrary JSON
Auth0
[Diagram: the App logs in through the Auth0 screens; Auth0 (with its Database) returns a jwt; the App sends the jwt to the Backend. Auth0 and the Backend each hold the Shared secret.]
Use your own DB
[Diagram: the App logs in through the Auth0 screens; Auth0 (with a Local Database) returns a jwt; the App sends the jwt to the Backend. Auth0 and the Backend each hold the Shared secret.]
User details
Add information inside the JWT:
https://auth0.com/docs/libraries/lock/v10/sending-authentication-parameters#scope-string-
Fetch full profile from Auth0:
https://auth0.com/docs/api/authentication#!#post--tokeninfo
Pricing
- 10,000 Regular Active Users => $2400/year
- A week of development (2 devs): €10 000
Replacing it
Keep jwt
- Replace Auth0 with a micro-service/backend that returns the same kind of token.
- Implement signup/reset password and Facebook/Twitter on the backend.
- Replace the Auth0 screens (react-native-lock) with your own screens.
Authentication
By Florian Rival