Daniel Nord

Results 37 comments of Daniel Nord

@travisghansen thanks for your feedback, what's your experience of your solution? Are you happy and it's working fine, or would you solve it in another way now in hindsight?

What I have been thinking is that it would be nice for the client to receive the authentication-url for where to go to do the authentication from the auth-server backend,...

what is the content of the `realm/scope` information you return to the client?

As described in RFC-6750 https://tools.ietf.org/html/rfc6750#section-3 (The OAuth 2.0 Authorization Framework: Bearer Token Usage) the OAuth2 specification has described the proper response from a protected resource server. 1. Example providing error...

Note the phrase *Other auth-param attributes MAY be used as well* in the spec. I think a possible way to stay as close to the spec could be something like...

Something like

```
HTTP/1.1 401 Unauthorized
WWW-Authenticate: Bearer realm="app.example.com",
                  error="insufficient_scope",
                  error_description="Missing scope 'whoami:read' to access application.",
                  scope="whoami:read",
                  auth_server="https://auth.domain.com/login?redirect=&state="
```

It also seems that at least the HTTP/1.1 spec (https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.47) is open to using multiple WWW-Authenticate headers, and possibly multiple auth-schemas in one header. Auth-Schemas are extendable so another approach could...

Nothing really :) it seems like both approaches with adding the url to the login server as a custom attribute on the Bearer auth-schema and also the other approach of...

Signout endpoint implemented. Calling auth.example.com/signout will remove the cookie from the browser and call the /logout endpoint in Auth0. Afterwards it will redirect to return url if set in tenant, and in `return-to:...

no logo, but as font/styles/text/background. check out https://www.google.no/search?q=keycloak&source=lnms&tbm=isch&sa=X&ved=0ahUKEwjfga7ekO_kAhXE-ioKHeeLBsoQ_AUIESgB&biw=2048&bih=1019&dpr=1.25#imgrc=nFgAG0CTbBGxwM: or maybe https://www.google.no/search?q=keycloak&source=lnms&tbm=isch&sa=X&ved=0ahUKEwjfga7ekO_kAhXE-ioKHeeLBsoQ_AUIESgB&biw=2048&bih=1019&dpr=1.25#imgrc=LL-HKKWGnLGToM: