
How to get a JWT from Auth0 hosted login

Tags:

jwt

auth0

According to the "tutorial" (the docs themselves say nothing) Auth0 should set a JWT for me on login, but it's not clear what it means by this. How do I get that JWT?

We already have a login flow in place that uses a hosted page that is accessed through a CNAME CNAME.example.com. Following this process:

  1. I go to example.com/login
  2. I am redirected to the CNAME CNAME.example.com/authorize?...
  3. Then again to CNAME.example.com/login
  4. Username and Password are POSTed to CNAME.example.com/usernamepassword/login
  5. This returns a form containing the JWT and automatically POSTs to CNAME.example.com/login/callback
  6. This then redirects back to our main site example.com/langing-page but the JWT is not received here.

Because it's a CNAME, Auth0 would be able to set an HTTP Only, Secure cookie for our domain, that would be enough.

I've only just jumped on this project and understand that if it was built from scratch we could use the API directly to get the JWT but I can't work out how to do it for the existing flow.

I'm sure we're missing something simple, but the documentation is not forthcoming. Do I need to do a login via the API instead?

EDITED: To clarify the login flow exists and works using a hosted page on auth0, I need to get the JWT after the user has logged in.

MORE INFO: We're using the Auth0 WordPress Plugin which correctly logs us in as the right user (as well as helps us create new users) but does not seem to expose the JWT. That page does mention getting JWTs but refers to the deprecated wp-jwt-auth plugin

DanielM asked Oct 27 '25 09:10


1 Answer

The links provided are for general information about JWTs; for accomplishing authentication through Auth0 there is better-suited documentation. In particular, you should start with the quickstarts (https://auth0.com/docs/quickstarts) to check if there's any that is directly associated with the application and stack you're building.

In addition to that, you can also check the docs associated more with protocol flows (assuming you want OIDC/OAuth 2.0): https://auth0.com/docs/api-auth/which-oauth-flow-to-use

The above should guide you about which flow to use and then for each you can follow the links to have a better understanding of how the flow can be implemented.

As an additional note the /login endpoint should be treated as an implementation detail; for OIDC/OAuth 2.0 you need to start the request at /authorize.

João Angelo answered Oct 29 '25 23:10
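To illustrate the answer's point about starting at /authorize, here is an added example (not part of the original question or answer, and not Auth0's or the WordPress plugin's code) of the OIDC authorization code flow with PKCE: it builds the /authorize redirect, checks `state` on the callback, and prepares the /oauth/token request whose JSON response carries the JWT as `id_token`. `CLIENT_ID`, `REDIRECT_URI` and the function names are assumptions; a server-side confidential client would also send its client secret in the token request.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

DOMAIN = "CNAME.example.com"                   # custom domain from the question
CLIENT_ID = "YOUR_CLIENT_ID"                   # placeholder, not a real value
REDIRECT_URI = "https://example.com/callback"  # assumed callback route


def start_login():
    """Return the /authorize URL and the values to keep in the server-side session."""
    state = secrets.token_urlsafe(32)          # binds the callback to this browser session
    verifier = secrets.token_urlsafe(64)       # PKCE code_verifier (43-128 chars)
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid profile",             # "openid" is what makes an id_token come back
        "state": state,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    })
    return f"https://{DOMAIN}/authorize?{query}", {"state": state, "verifier": verifier}


def handle_callback(callback_url, session):
    """Validate the callback and return (token_endpoint, form) to POST.

    The JSON response to that POST contains the JWT in its "id_token" field.
    """
    params = parse_qs(urlparse(callback_url).query)
    returned_state = params.get("state", [""])[0]
    # Constant-time comparison; a mismatch means the callback was not started by this session.
    if not hmac.compare_digest(returned_state.encode(), session["state"].encode()):
        raise ValueError("state mismatch: reject the callback")
    if "code" not in params:
        raise ValueError(params.get("error", ["missing code"])[0])
    return f"https://{DOMAIN}/oauth/token", {
        "grant_type": "authorization_code",
        "client_id": CLIENT_ID,
        "code": params["code"][0],
        "redirect_uri": REDIRECT_URI,
        "code_verifier": session["verifier"],
    }
```

Validate the returned `id_token` (signature, `iss`, `aud`, `exp`) before trusting its claims or placing it in an HttpOnly, Secure cookie.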


