Auth0

Curiosity supports User Management via Auth0 Single Sign-In (SSO). Rather than maintaining names, email addresses, and passwords for Users that may log into the application, you can connect with accounts that already exist in your Auth0 application (meaning that Users are not burdened with yet another password to remember).

To do so, you require four pieces of information:

  • an Auth0 "Domain"

  • an "Authorization Server Name"

  • a "Client ID"

  • a "Client Secret"

It is presumed that you already have an Auth0 account that you will be configuring to enable Curiosity SSO and that you have administrative privileges to make the changes to the Auth0 account. It is also presumed that you have an administrator account for your Curiosity application.

(If you are in the technical evaluation phase with Curiosity or Auth0 , Auth0 has a free trial option available at Welcome to Auth0! that may be of interest if you do not already use Auth0*)*

Creating an Auth0 application

Go to your Auth0 Management Console, it will have a URL that looks something like the following:

https://manage.auth0.com/dashboard/eu/dev-8cq1ms21/

Ensure that you are logged in with an account that has access to make changes. If you are uncertain then try to follow the steps below and talk to your administrator if any of them result in any "unable to access" or "access denied" error.

Click on "Applications" in the left bar list, then "Create Application"

Enter a name such as "Curiosity SSO", then select the "Regular Web Applications" option and click Create.

Your application will be created. Click then on the "Settings" tab:

You need to tell the SSO process how to get back to Curiosity after a successful login, which is the purpose of the "Allowed Callback URLs" entry. The format of the URI is:

{domain}/api/auth0sso/completed-login-attempt

If your Curiosity application is hosted by us then it will look something like this:

https://acmecompany.curiosity.ai/api/auth0sso/completed-login-attempt

If you have installed a local instance of the application with the default settings then it will look like this:

**http://localhost:8080/api/auth0sso/completed-login-attempt**

Set the "Allowed Callback URLs" entry to the appropriate value:

You should also configure the "Allowed Web Origins" option to point to the domain of your Curiosity instance.

Scroll all the way to the bottom of the page, and click "Save Changes".

You now have an Auth0 application configured. You should copy the values from the settings so you can configure it on your Curiosity instance.

(The Client ID will be a string around twenty characters long, consisting of lower case letters and numbers. The Client Secret will be a longer value, consisting of upper and lower case letters, numbers, and symbols.)

Entering the details into Curiosity

Click the menu button at the top left, then click "Settings", then "Accounts" and then "Single Sign-On".

(If you don't see a "Single Sign-On" option and the only item under "Accounts" is "Profile" then you are not logged into Curiosity with an administrator account)

Click "Auth0" and then enter the Domain, Authorization Server Name, Client ID, and Client Secret.

Click "Save".

Auth0 SSO is now configured for this application.

To test it, log out (by clicking the user name at the top right and then clicking "Logout" in the panel that appears). The log in screen will now present a "Log in with Auth0" option.

Click "Log in with Auth0" and you will be redirected to an Auth0 page where you can enter credentials for an account related to the Auth0 application.

Click "Sign In" and you will be redirected back to the Curiosity application as a logged-in User relating to the email address that you specified.

If a User account does not exist in Curiosity for the email that you chose then one will automatically be created (so that it is possible for the Curiosity application administrators to set access rights and permissions). The email and name from the Auth0 account will be used to populate the account in the Curiosity application. If a User account already existed for the specified email then any permissions that have been set in will not be altered but the name will be updated if the name in the Auth0 account does not match the name in the Curiosity User account.

Removing the "Log in with Auth0" option

If you wish to remove Auth0 SSO as an option for your Curiosity application then go back to Menu / Settings / Accounts / Single Sign-On / Auth0, clear the "Domain" text, and click Save. This will remove all four pieces of SSO configuration from the Curiosity application and the "Log in with Auth0" option will no longer be presented.

Troubleshooting

You must enter the Domain, Authorization Server Name, Client ID, and Client Secret values correctly. If any of them are wrong then you may experience one of the following:

  • If the Domain, Authorization Server Name, or Client ID are wrong then you will be shown an error from Auth0 as soon as you are redirected from Curiosity to Auth0.

  • If the first three values are correct but the Client Secret is wrong then you will be able to select an account but you will receive an error when you are redirected back to Curiosity.

It is also of vital importance that the "Redirect URI" that you set in the Auth0 application earlier was correct. If it is not then you will receive an error when you are directed to the Auth0 login page.

Last updated