What is OAuth
OAuth is an open-standard authorization protocol. For example, you can login to any site(BBC) without keep separate username and password for that & login with Facebook or Google. Since Facebook knows your identity it allows access to BBC site. Facebook act as a authorization server & use authorization token for granting access.
What is AuthO
AuthO is 3rd party tool providing Authentication & Authorization as a service. With AuthO developers and companies can secure their applications without having to become security experts. AuthO provides simple & secured login for any type of platform & any type of devices. AuthO is free up to 1000 external users. For Enterprise level configuration developers or companies have to get a subscription.
Authentication and Authorization implementation is not an easy Task .When it comes to different type of devices, technologies and platforms, it will take lot of time to research and Development using different Technologies. AuthO will simplify the work and Provide Many Built-in services.
Some Features provided by AuthO
Auth0 supports industry standards such as SAML, OpenID Connect, JSON Web Token, OAuth 2.0, OAuth 1.0a, WS-Federation and OpenID.
Enhanced security to your application. With Auth0 you can enable Multi factor Authentication in minutes.
Single Sign On
Let your users log into multiple applications just once by following some simple steps.
Simplify registrations and logins for end users allowing them to use existing login information from their favorite social network provider.
Auth0 allows you to authenticate and authorize apps and APIs with any identity provider running on any stack on any device or cloud.
Main Components of Auth0:
Account / Tenants
can be created either using username and password or log in with a social provider (Facebook, Google). be used to create your personal domain
you create a new account with Auth0, you are asked to pick a name for your tenant. This name, appended with auth0.com, will be your Auth0 domain.
app(s) that will be using our services. To that end, you must register each application.
When you create an application in the Dashboard, the first piece of information we ask for is its type. This can be one of the following.
Each application is assigned a Client ID upon creation. This is an alphanumeric string and it?s the unique identifier for your application (such as 1tZGdTQyGaTUA). It cannot be modified and you will be using it in your application?s code when you call Auth0 APIs.
Another important piece of information is the Client Secret. Think of it as your application?s password which must be kept confidential at all times. If anyone gains access to your Client Secret they can impersonate your application and access protected resources.
Auth0 sits between your app and the identity provider that authenticates your users (such as Google or Facebook). Through this level of abstraction, Auth0 keeps your app isolated from any changes of the provider?s implementation.
This relationship between Auth0 and the identity provider is referred to as a Connection.
Connections are sources of users and they can be of the following types:
- Database connections: Users log in with username and passwords, stored either in the Auth0 cloud or your own database
- Social logins: Google, Facebook, Twitter, and more
- Enterprise directories: LDAP, G Suite, Office 365, ADFS, AD, SAML-P, WS-Federation, and more
- Passwordless systems: Users log in with one-time codes, sent via SMS or email
Dashboard :manage all aspects of Auth0 account and configuration in one place
I will show how .NET BackEnd-Api can be secured via AuthO. Once you create free account on AuthO goto API section as below. Then click button on Create Api
Create a .NET API application which you want to secure. In the Startup class you have to configure following with your identifier. you can host this api on a server or you can use local environment.
You can receive access token by postman or creating an app on any platform
You will receive access token from the authO server which can be authenticate with the API.
Now you can send the access token with the API which you want to secure.