Auth0 backend improvements
See original GitHub issueHi team 👋
In our login page at Auth0, we accept certain query parameters that can change how the form is being shown to the user. In this particular case, I wanted to add the screen_hint
parameter which would tell the form to show displaying the “Sign Up” screen/tab first. This parameter should be dynamically added only for the sign-up scenario. The log-in scenario should remain the same, without the parameter or a different value. You’d be surprised by the number of people that want a sign-up button that takes them to the “Sign Up” screen and not the “Log In” one.
In order to do that with python-social-auth, I explored the following options:
- Hardcoding the query in the authorization URL - Would affect all requests 🚫
- Adding the extra parameters in the
SOCIAL_AUTH_{backend}_EXTRA_ARGUMENTS
setting - Would affect all requests 🚫 - Creating a new entry in the
urls.py
mapping file to call my own function when/signup
is called - I was not able to access the strategy’s “final” generated authorization_url to add the parameter there ⚠️ I think it could have worked if I whitelisted the parameter and redirected to the login page (see below). - Overriding the
auth_extra_arguments
function in the backend to check if the parameters were present in the “local login” request and adding them to the super ones. First, whitelisting these inSOCIAL_AUTH_FIELDS_STORED_IN_SESSION
- I’m hardcoding the query in the template file. This worked fine ✔️
There are a few things I wanted to ask.
- Is there a better, simpler way to achieve what I did above?
- Auth0 implements OIDC, would you accept a PR that creates a new backend that extends this class?
- Adding extra parameters to the authorization_url dynamically as the case explained above should be straightforward. Unless there’s a simpler solution (1), I was thinking the backend could do this whitelisting and addition of common parameters (either common to the protocol or the backend) to the authorization_url internally if they were present in the “local login” request. Something like what I did to resolve this use case. Would you accept a PR that overrides the
auth_extra_arguments
for the auth0 backend (or the OIDC variant, if introduced) and checks for presence before adding the query values?
Issue Analytics
- State:
- Created 3 years ago
- Reactions:1
- Comments:6
Top Results From Across the Web
Auth0 Backend/API Quickstarts
Browse backend/api quickstarts to learn how to quickly add authentication to your app.
Read more >API Code Samples - Auth0
Use different Backend/API frameworks and languages to explore the authorization features of the Auth0 Identity Platform.
Read more >Changelog - Auth0
Announcing an improvement to Auth0's security and performance with refresh token limits. We are limiting the amount of refresh tokens to 200 active...
Read more >Node 18 Is Now Available in Beta for Actions - Auth0
As part of this update, we have made improvements to how our back-end runtime for Actions operates and are giving you the opportunity...
Read more >Developer Center | Auth0
Learn about Auth0, explore tutorials, download code samples, connect with us, ... Explore the basics of identity and the Auth0 platform. ... Backend/API....
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.