Authentication with Auth0

JSON Web Token

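[Diagram: token flow between the App and the Server]

  • App → Server: post /login with { login: ..., pwd: ... }
  • Server: Token = header + { id: 45 } + signature, computed with the Secret
  • Server → App: 200 + token
  • App → Server: post /messages with the Token
  • Server: Decode & Check validity
  • Server → App: 200 + payload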

JSON Web Token

To test: https://jwt.io

  • Don't put your production secret in it! :)
  • A token can contain arbitrary JSON
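The /login and "Decode & Check validity" steps from the flow above, as an added example (not code from the original slides or from Auth0). It assumes HS256 and an `exp` claim; the function names and the secret are constructed for illustration.

```javascript
// Added example: HS256 JWT issue/verify using only Node's built-in crypto.
const nodeCrypto = require('node:crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');
const hmac = (secret, data) =>
  nodeCrypto.createHmac('sha256', secret).update(data).digest();

// Server side of POST /login: header + payload + signature.
function signToken(payload, secret, ttlSeconds = 3600, now = Date.now()) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const exp = Math.floor(now / 1000) + ttlSeconds; // assumed expiry claim
  const body = b64url(JSON.stringify({ ...payload, exp }));
  return `${header}.${body}.${b64url(hmac(secret, `${header}.${body}`))}`;
}

// Server side of POST /messages: "Decode & Check validity".
// Returns the payload, or null when the token must be rejected.
function verifyToken(token, secret, now = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [header, body, sig] = parts;
  // Check the signature before trusting anything inside the token.
  const expected = hmac(secret, `${header}.${body}`);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length) return null;
  if (!nodeCrypto.timingSafeEqual(given, expected)) return null;
  try {
    // Pin the algorithm: never let the token choose how it is verified.
    const { alg } = JSON.parse(Buffer.from(header, 'base64url').toString());
    if (alg !== 'HS256') return null;
    const payload = JSON.parse(Buffer.from(body, 'base64url').toString());
    if (typeof payload.exp !== 'number' || payload.exp * 1000 <= now) return null;
    return payload;
  } catch { return null; }
}

// What anyone holding the token can read without the secret:
// the payload is signed, not encrypted.
function peekPayload(token) {
  return JSON.parse(Buffer.from(token.split('.')[1], 'base64url').toString());
}

// Test helper: swap the payload but keep the old signature.
// verifyToken must reject the result.
function tamper(token, newPayload) {
  const [h, , s] = token.split('.');
  return `${h}.${b64url(JSON.stringify(newPayload))}.${s}`;
}
```

Because `peekPayload` works without the secret, nothing confidential belongs in the payload, even though the token can carry arbitrary JSON.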

Auth0

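[Diagram: the App shows the Auth0 screens and sends the login to Auth0, which authenticates against its Database, Twitter or Facebook and returns a jwt. The App then sends the jwt to the Backend. Auth0 and the Backend hold a Shared secret.]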

Use your own DB

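[Diagram: the App shows the Auth0 screens and sends the login to Auth0, which authenticates against your Local Database, Twitter or Facebook and returns a jwt. The App then sends the jwt to the Backend. Auth0 and the Backend hold a Shared secret.]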

User details

Add information inside the JWT:
https://auth0.com/docs/libraries/lock/v10/sending-authentication-parameters#scope-string-

Fetch full profile from Auth0:
https://auth0.com/docs/api/authentication#!#post--tokeninfo

Pricing

  • 10,000 Regular Active Users => $2400/year
  • A week of development (2 devs): €10 000

Replacing it

Keep jwt

  • Replace Auth0 with a micro-service/backend that returns the same kind of token.
  • Implement signup/reset password and Facebook/Twitter on the backend.
  • Replace the Auth0 screens (react-native-lock) with your own screens.

Authentication

By Florian Rival