I'm using hosted screen of Auth0. I want the following scenario to work-
But what I'm facing is this screen-
How can I save my user this additional click? How do I implement silent authentication? I know that you have to pass prompt=none to /authorize API, but since I'm not manually calling the API, how do I make the lock call /authorize with prompt=none?
Silent authentication allows you to automatically authenticate users in your game via a publishing platform.
Silent authentication is a mechanism based on machine learning. It analyzes both consumer behavioral & environmental patterns such as the way you write on your smartphone or PC, the way you walk, and your geolocation. But it also uses signals surrounding you like Bluetooth devices and Wi-Fi networks.
There are three ways to authenticate with this API: with an OAuth2 Access Token in the Authorization request header field (which uses the Bearer authentication scheme to transmit the Access Token); with your Client ID and Client Secret credentials; or only with your Client ID.
What you want is silent SSO which is related to SSO but kind of independent.
The key is in the prompt param. This needs to be none in order for the user to not be prompted for login when he's already logged in to Auth0's Authorization Server ("central SSO").
One annoying thing I found is that prompt is taken literally, so if the user is not logged in yet, he will not be prompted to log in (you'd think it'd make sense to prompt the user when not logged in, right?).
In this case SSO will redirect to your app's /authorize with an error like "authentication required" and you'll have to handle it by redirecting the user to your /login endpoint again but passing prompt=true so that it knows that this time he'll have to pass prompt=true to Auth0's hosted login page.
To make things a bit uglier, currently passport-auth0-openidconnect seems to ignore the params you pass to the strategy unless you monkey patch one of the methods involved (I created a PR for it, don't know when it will be approved and/or if it makes sense).
Essentially:
prompt=none
prompt=true
I know it's a bit fiddly but I hope this helps you :)
PS: Another thing to bear in mind - I now just found out that it works perfectly when using Github as connection but when using google-oauth2 it blows up complaining about the prompt param :|
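The flow described in the answer above, as an added example that is not part of the original post or of any Auth0 or Passport code: a silent attempt with prompt=none, then a single interactive retry when the authorization server answers with one of the standard OpenID Connect "needs interaction" errors. The tenant domain, client ID, redirect URI, function names and session shape are placeholders and assumptions; the interactive retry here simply omits prompt rather than sending prompt=true.

```javascript
// Added example: placeholder tenant and client values, not from the original post.
const AUTH0_DOMAIN = "example-tenant.auth0.com";          // placeholder
const CLIENT_ID = "YOUR_CLIENT_ID";                       // placeholder
const REDIRECT_URI = "https://app.example.com/callback";  // placeholder

// OIDC error codes that mean "cannot finish without showing UI to the user".
const NEEDS_INTERACTION = new Set([
  "login_required", "consent_required",
  "interaction_required", "account_selection_required",
]);

// Build the /authorize URL. silent=true adds prompt=none; otherwise prompt is
// omitted so the hosted login page is shown when no SSO session exists.
// `state` must be generated by the caller with a CSPRNG and kept in the session.
function buildAuthorizeUrl({ state, silent }) {
  const url = new URL(`https://${AUTH0_DOMAIN}/authorize`);
  url.search = new URLSearchParams({
    response_type: "code",
    client_id: CLIENT_ID,
    redirect_uri: REDIRECT_URI,
    scope: "openid profile",
    state,
  }).toString();
  if (silent) url.searchParams.set("prompt", "none");
  return url.toString();
}

// Decide what to do with the callback request. `session` is what the app
// stored before redirecting: { state, silentAttempted } (hypothetical shape).
function handleCallback(callbackUrl, session) {
  const q = new URL(callbackUrl).searchParams;
  // Check state first, so forged callbacks cannot drive the login flow.
  if (!session.state || q.get("state") !== session.state) {
    return { action: "reject", reason: "state_mismatch" };
  }
  const error = q.get("error");
  if (!error && q.get("code")) {
    return { action: "exchange_code", code: q.get("code") };
  }
  // Retry interactively only after a silent attempt, which rules out a loop.
  if (NEEDS_INTERACTION.has(error) && session.silentAttempted) {
    return { action: "redirect_interactive" };
  }
  return { action: "reject", reason: error || "missing_code" };
}
```

On redirect_interactive the app should generate a fresh state, store silentAttempted as false, and redirect to buildAuthorizeUrl({ state, silent: false }).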