Auth0 provides a highly secure backend for storing and managing user data and access to features such as user registration, deletion, passwordless login, social login, and much more.
GeniePy uses this Auth0-based backend to provide secure user-management in your application.
Description
User data is sensitive. And as website owners, we should be careful about where and how this data is being stored and kept safe.
Auth0 focuses on solving this problem and provides a way for your application to store user data with them in a secure manner. On top of this, they provide access to a ton of features such as registration, login/logout, deletion, and social login (e.g. logging in using Google, Facebook, etc.), which can be enabled in a few simple steps.
GeniePy ships with code that delegates all user-management features to Auth0.
Setup
Auth0 setup requires a few bits to be in place. Let's go through them one by one.
1. Sign up
The first step, of course, is to sign up for an Auth0 account.
2. Create a Tenant
Next, create a tenant in your account if you don't already have one. You would likely create separate tenants for different environments of your application (development, staging, production, etc.).
3. Create an Application
Next, create an application in your account. Make sure to select "Regular Web Applications" as the application type in the creation modal.
Next, configure callback URLs for the application you just created as shown in the following screenshot.
If you're developing locally, these URLs would start with "http://localhost:9001". For your production application deployment use your production domain name as the base URL instead.
4. Configure Management API
Finally, authorize the Auth0 Management API to be able to access the application you just created. This API should already be there after you created your account. We just need to add a little bit of configuration to it.
Visit "Applications -> APIs -> Auth0 Management API -> Machine to Machine Applications" and:
- check the "Authorized" checkbox against the application you created in the previous step, and
- expand the application and select (at least) the "user" permissions so this API can access the users
Configuration
As with everything else, GeniePy expects a few environment variables to be able to talk to Auth0.
AUTH0_DOMAIN
: domain for your application
AUTH0_CLIENT_ID
: client ID for your application
AUTH0_CLIENT_SECRET
: client secret for your application
You can copy the values of all these environment variables from the application settings. Visit "Dashboard -> Applications -> Application -> [Your Application] -> Settings".
That should be it! After you've gone through the setup and configuration steps above, restart your application and you should be able to work with users hosted on Auth0.
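The Management API authorization from step 4 and the three environment variables above come together in the following added example. It is not GeniePy's own code; it assumes GeniePy is a Python application and uses only the standard library. It reads the AUTH0_* variables and refuses to start if any is missing, exchanges the client credentials for a Management API access token at the tenant's /oauth/token endpoint, and confirms that the token actually carries the read:users permission granted under "Machine to Machine Applications", so a mis-authorized application is reported at startup instead of when the first user lookup is refused. The tenant domain and credentials used for testing are constructed placeholders.

```python
# Added example, not GeniePy's own code.  Assumes a Python application and
# uses only the standard library.  Sample AUTH0_* values are constructed.
import base64
import json
import os
import urllib.request
from urllib.parse import urlencode


class Auth0ConfigError(RuntimeError):
    """Raised when the Auth0 setup or configuration is incomplete."""


REQUIRED_SETTINGS = ("AUTH0_DOMAIN", "AUTH0_CLIENT_ID", "AUTH0_CLIENT_SECRET")


def load_auth0_settings(env=None):
    """Read the three AUTH0_* variables, failing closed if any is missing so the
    application never starts half-configured (e.g. with no client secret)."""
    env = os.environ if env is None else env
    missing = [name for name in REQUIRED_SETTINGS if not env.get(name)]
    if missing:
        raise Auth0ConfigError("missing Auth0 settings: " + ", ".join(missing))
    return {name: env[name] for name in REQUIRED_SETTINGS}


def management_audience(domain):
    """The Management API audience is the tenant domain followed by /api/v2/."""
    return f"https://{domain}/api/v2/"


def build_token_request(settings):
    """Return (url, form body) for the client_credentials grant that a
    'Machine to Machine' application uses to call the Management API."""
    url = f"https://{settings['AUTH0_DOMAIN']}/oauth/token"
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": settings["AUTH0_CLIENT_ID"],
        "client_secret": settings["AUTH0_CLIENT_SECRET"],
        "audience": management_audience(settings["AUTH0_DOMAIN"]),
    }).encode()
    return url, body


def _unverified_scope_claim(token):
    """Read the `scope` claim out of a JWT access token without verifying it.
    Skipping verification is fine here: we received the token directly from
    Auth0 over TLS and will present it; we are not the party that must trust it."""
    parts = token.split(".")
    if len(parts) != 3:
        return ""
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    try:
        claims = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError:
        return ""
    return claims.get("scope", "") if isinstance(claims, dict) else ""


def check_token_response(payload, required_scopes=("read:users",)):
    """Validate the token endpoint's JSON and confirm the granted scopes include
    the user permissions from setup step 4.  A missing scope is reported
    immediately instead of surfacing later as a refused user lookup."""
    token = payload.get("access_token")
    if not token or str(payload.get("token_type", "Bearer")).lower() != "bearer":
        raise Auth0ConfigError("token endpoint returned no usable bearer token")
    granted = set((payload.get("scope") or _unverified_scope_claim(token)).split())
    missing = sorted(s for s in required_scopes if s not in granted)
    if missing:
        raise Auth0ConfigError(
            f"Management API token lacks {missing}; authorize the application "
            "under Applications -> APIs -> Auth0 Management API -> "
            "Machine to Machine Applications and grant the user permissions")
    return token


def fetch_management_token(settings, opener=urllib.request.urlopen):
    """Perform the exchange.  `opener` is injectable so the flow can be
    exercised offline with a canned response."""
    url, body = build_token_request(settings)
    request = urllib.request.Request(
        url, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})
    with opener(request) as response:
        payload = json.load(response)
    return check_token_response(payload)


if __name__ == "__main__":
    fetch_management_token(load_auth0_settings())
    print("Management API token obtained, user scopes verified")
```

Run it once after finishing the steps above with the three variables exported; an `Auth0ConfigError` names exactly which variable or which Management API permission is still missing.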
FAQ
1. Enabling Staff users
It's often helpful to distinguish between the types of users accessing your application. For instance, your company's employees might need access to internal sections of your application which the regular end-users must not see.
GeniePy supports this use-case as well.
To mark a user as staff, visit "Dashboard -> User Management -> Users" and find the user you want to upgrade. Edit their app_metadata field to include the following:
{
  "is_staff": true
}
The next time they log in to your application, they'll be treated as staff users.
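The check an application performs on that flag, as an added example that is not GeniePy's own code: it assumes the application has the user's full Auth0 profile as a dict (the Management API's user object includes app_metadata). Only app_metadata is consulted, because Auth0 lets users edit their own user_metadata but not app_metadata, so a value a user writes into their own metadata can never grant staff access; the strict boolean comparison also rejects look-alike values such as the string "true". The profiles below are constructed samples.

```python
# Added example, not GeniePy's own code.  Assumes the application holds the
# user's full Auth0 profile as a dict (the Management API user object carries
# app_metadata).  The sample profiles below are constructed.

def is_staff(profile):
    """True only when app_metadata.is_staff is the JSON boolean true.

    Only app_metadata counts: Auth0 lets users edit user_metadata but not
    app_metadata, so a flag in user_metadata must not work.  Strict `is True`
    also rejects look-alikes such as the string "true" or the number 1.
    """
    app_metadata = profile.get("app_metadata")
    if not isinstance(app_metadata, dict):
        return False
    return app_metadata.get("is_staff") is True


def staff_only(view):
    """Decorator for internal views: deny anyone who is not staff with a
    generic message that does not reveal what the section contains."""
    def wrapper(profile, *args, **kwargs):
        if not is_staff(profile):
            raise PermissionError("forbidden")
        return view(profile, *args, **kwargs)
    return wrapper


@staff_only
def internal_dashboard(profile):
    """An internal section that regular end-users must not see."""
    return f"internal dashboard for {profile['email']}"


def classify(profiles):
    """Return {email: 'staff' | 'user'} for a batch of profiles."""
    return {p["email"]: ("staff" if is_staff(p) else "user") for p in profiles}


# Constructed sample profiles, shaped like Auth0 user objects.
STAFF = {"email": "ops@example.com", "app_metadata": {"is_staff": True}}
REGULAR = {"email": "alice@example.com", "user_metadata": {"plan": "free"}}
# The flag in user-editable user_metadata must not count.
SELF_SET = {"email": "mallory@example.com", "user_metadata": {"is_staff": True}}
# A mistyped value in app_metadata: a string is not the boolean true.
MISTYPED = {"email": "bob@example.com", "app_metadata": {"is_staff": "true"}}

if __name__ == "__main__":
    print(classify([STAFF, REGULAR, SELF_SET, MISTYPED]))
```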