Auth0 Authentication Plugin

  • I am very much in need of Auth0 authentication. This should allow for SSO capabilities both across installations of Woltlab and between other products. I would write this myself, but I have just started with PHP and working with a third-party product adds a level of complexity I'm not ready for. Plus, if I were to write and release this plugin, it would not see a German release until someone takes the time to translate it, which is the opposite of the status-quo of most WoltLab plugins.

    The documentation for Auth0 with PHP is located here: 01-login

    Auth0 is a free product, so setting up a testing environment for development of the plugin will not be an issue. Plus, the documentation is not that log, so I assume it's not a very involved process.


  • I already finished Auth0, months ago. However, it's part of a bigger project, which is still in development and still takes a lot of work to be finished.

    However, when creating it, i was really thinking about it's sense. I mean... If i got this right, this is an OAuth provider that provides OAuth for other other providers, doesn't it? Yeah, it has some benefits like the One-Touch login, etc. but imho, this service is useless, if you already have all other services integrated.

  • The way I understand it, OAuth is just one piece of it. They appear to also have (perhaps recently added) a a hosted user database service as part of the free plan. If the application is connected with your Auth0 application, it can authenticate against that user database.

    I could spin up a Zentyal instance and run my own AD environment, but one of the benefits of a cloud solution is I don't necessarily have to be an expert in all of the security aspects of hosting your own solution, load balancing, etc. This is why I wanted to take advantage of Auth0's user database.

  • You bring up a good point. I would strongly prefer controlling my user database, and if I own my own AD environment, Auth0 does become a bit redundant. I think the only thing it would do for me is allowing a place for new users to register. At that point, it may be better to go spin up a CAS instance (or something similar) and handle everything by myself.

  • In case of WoltLab software, it IS redundant. Because you cannot move the whole user database to Auth0. Users are still managed in your own users database, so there's no real benefit of using Auth0 in a WoltLab based environment. You would just share your users partially with Auth0, that's all.

  • Basically what I'm looking for is a single sign-on solution across multiple sites. The issue is that, while some of these sites are WoltLab sites, some are not. Establishing an LDAP-based solution would work, but with the LDAP plugin, you cannot allow user registration. Their LDAP solution is designed for internal environments where users are added manually, it would seem. I was wanting to use Auth0 to fill that registration gap. If these were all running on IIS, I could probably implement an ADFS-based solution, but until I get my DC built, I'm stuck on paid Linux hosting.

    I would welcome any ideas on how to implement this SSO-solution.