Integrate with Auth0

This guide describes how to set up BindID as a passwordless authentication solution for your Auth0 instance.

Step 1: Configure BindID

To integrate BindID with your Auth0 instance, you'll need to configure an application in the BindID Admin Portal (see Admin Portal: Get Started). You can either create a new application or use one that you already created.

From Applications, complete the basic client setup required for your application:

  • Set the allowed redirect URIs—Specify the page to which users are redirected after BindID authentication. This corresponds to an Auth0 callback URL:

    https://YOUR_DOMAIN/login/callback

    where YOUR_DOMAIN is your Auth0 tenant domain.

  • Get your BindID credentials—Obtain the client ID and client secret used to identify your application to the BindID Service. You'll need to provide these credentials to Auth0.

Step 2: Set Up BindID Connection

To add a BindID authentication option to your Auth0 login page, create a custom Social Connection for BindID.

From your Auth0 Dashboard:

  1. From Connections > Social, click Create Connection.

  2. From the New Social Connection page, scroll down to the bottom and click Create Custom.

  3. Configure the general connection settings described below:

    Field              Description
    Connection Name    Name of the custom social connection to BindID, such as "bindid-idp".
    Authorization URL  Should be set to https://signin.bindid-sandbox.io/authorize
    Token URL          Should be set to https://signin.bindid-sandbox.io/token
    Scope              Should be set to openid
    Client ID          Should be set to the BindID Client ID retrieved in Step 1
    Client Secret      Should be set to the BindID Client Secret retrieved in Step 1

  4. For Fetch User Profile Script, enter the script below.

    function(accessToken, ctx, cb) {
      // Call the BindID userinfo endpoint with the access token issued to Auth0.
      request({
        method: 'GET',
        url: 'https://signin.bindid-sandbox.io/userinfo',
        headers: {
          Authorization: 'Bearer ' + accessToken
        }
      }, (err, resp, body) => {
        // Transport-level failure.
        if (err) {
          return cb(err);
        }
        // Any non-200 response is returned to Auth0 as an error.
        if (resp.statusCode !== 200) {
          return cb(new Error(body));
        }
        let userInfo;
        try {
          userInfo = JSON.parse(body);
        } catch (jsonError) {
          return cb(new Error(body));
        }
        // Map the BindID subject (sub) to the Auth0 user_id.
        const profile = {
          user_id: userInfo.sub,
          access_token: accessToken
        };
        cb(null, profile);
      });
    }

  5. Click Create to create the new connection.

  6. From the Applications tab of the connection page (which appears directly upon creating your new connection), enable your connection for the desired Applications (at least one).

Step 3: Customize Login Button

Optionally, you can customize the BindID login button that appears on the Auth0 login page. To update the icon and display name for the button (e.g., "Passwordless Login"), follow these steps.

Step 4: Install BindID Extension

Add user account linking to link BindID users to existing identities in Auth0 based on email address. Upon completing a BindID authentication, the user will have an option to link accounts if the BindID user isn't already linked to one. To set up account linking, start by installing the BindID-Auth0 Account Link extension, which will also add the relevant rule and interface.

From your Auth0 Dashboard:

  1. From Extensions, click Create Extension.

  2. For the GitHub Url, enter the following URL and then click Continue:

    https://github.com/TransmitSecurity/auth0-bindid-account-link-extension
  3. Click Install to install the extension.

Step 5: Set Linkable Connections

Configure which of your connections may be used to link BindID users to existing Auth0 identities (such as Auth0 or Google). When a user chooses to link their account, they can pick one of these connections.

From your Auth0 Dashboard:

  1. From Rules, under Settings, add a key-value pair with bindid_account_link_config as the key and a JSON object (with the properties below) as the value:

    Property              Type              Description
    bindid_connection     String            Name of the custom Social Connection created for BindID in Step 2 (e.g., bindid-idp).
    linkable_connections  Array of Strings  Array of connections that will be available to the user for BindID account linking. A connection is referenced by the Social Connection name for social connections, or by Username-Password-Authentication for the Auth0 connection.
    bindid_client_id      String            BindID Client ID obtained in Step 1.
    bindid_client_secret  String            BindID Client Secret obtained in Step 1.
    bindid_api_url        String            Base URL of the BindID Session Feedback API, which will be used to attach an Alias to the user in the BindID system after successful account linking. This should be set to https://api.bindid-sandbox.io for BindID sandbox.

    For example:

    {
      "bindid_connection": "bindid-idp",
      "linkable_connections": [
        "Username-Password-Authentication",
        "google-oauth2"
      ],
      "bindid_client_id": "bid_demo_acme",
      "bindid_client_secret": "demo-client-secret",
      "bindid_api_url": "https://api.bindid-sandbox.io"
    }

  2. Click + Add to add the key-value pair to the settings.
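
A mistake in this JSON value (a missing key, a plain-http API URL, the BindID connection listed as its own link target) only surfaces later, during a login. The following check is an added example, not part of the BindID extension or of Auth0; validateLinkConfig is a hypothetical helper you could run locally before pasting the value, and the rule that bindid_connection must not appear in linkable_connections is an assumption.

```javascript
// Added example (not from the BindID extension): lint a bindid_account_link_config value.
const REQUIRED_STRINGS = ['bindid_connection', 'bindid_client_id',
  'bindid_client_secret', 'bindid_api_url'];

function validateLinkConfig(raw) {
  let cfg;
  try { cfg = JSON.parse(raw); } catch (e) { return ['value is not valid JSON']; }
  if (cfg === null || typeof cfg !== 'object' || Array.isArray(cfg)) {
    return ['value must be a JSON object'];
  }
  const errors = [];
  const isText = (v) => typeof v === 'string' && v.trim() !== '';
  for (const key of REQUIRED_STRINGS) {
    if (!isText(cfg[key])) errors.push(key + ' must be a non-empty string');
  }
  const list = cfg.linkable_connections;
  if (!Array.isArray(list) || list.length === 0) {
    errors.push('linkable_connections must be a non-empty array');
  } else {
    if (!list.every((c) => isText(c))) {
      errors.push('linkable_connections must contain only non-empty strings');
    }
    if (new Set(list).size !== list.length) {
      errors.push('linkable_connections contains duplicates');
    }
    // Assumption: the BindID connection is the link source, never a link target.
    if (list.includes(cfg.bindid_connection)) {
      errors.push('linkable_connections must not include bindid_connection');
    }
  }
  if (isText(cfg.bindid_api_url)) {
    let url = null;
    try { url = new URL(cfg.bindid_api_url); } catch (e) { url = null; }
    // The client secret is sent to this endpoint, so require TLS.
    if (!url || url.protocol !== 'https:') {
      errors.push('bindid_api_url must be an absolute https URL');
    }
  }
  return errors;
}

// Constructed sample: self-link, empty secret, plain-http API URL.
const SAMPLE_BAD = JSON.stringify({
  bindid_connection: 'bindid-idp',
  linkable_connections: ['bindid-idp', 'google-oauth2'],
  bindid_client_id: 'bid_demo_acme', bindid_client_secret: '',
  bindid_api_url: 'http://api.bindid-sandbox.io'
});
console.log(validateLinkConfig(SAMPLE_BAD));
```

An empty array means the value passed every check.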

Step 6: Update Login Page

To control which connections may be used for account linking, add the following to the Universal Login Page configuration.

From your Auth0 Dashboard:

  1. From Universal Login, click the Login tab.

  2. Make sure that the Customize Login Page toggle is on.

  3. Add the following to the HTML:

    • Define the allowed connections at the end of the variable definition section in the script:

      var allowedConnections = config.extraParams.allowed_connections || "";
    • Add the following field to the Auth0Lock options (and override it if it already exists):

      allowedConnections: allowedConnections ? allowedConnections.split(',') : null,
  4. Click Save Changes to save your updates to the login page.
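
The expression above splits the allowed_connections string on commas as-is, so stray spaces or empty entries become connection names that match nothing. The following is an added example, not code from the BindID extension or Auth0: parseAllowedConnections and the KNOWN_CONNECTIONS list are hypothetical names, and the sketch trims and de-duplicates entries and keeps only names from a list you maintain.

```javascript
// Added example: stricter parsing of the allowed_connections extra parameter.

// The expression from the page, wrapped in a function for comparison.
function pageExpression(allowedConnections) {
  return allowedConnections ? allowedConnections.split(',') : null;
}

// Hypothetical list kept in the login page; mirrors linkable_connections from Step 5.
const KNOWN_CONNECTIONS = ['Username-Password-Authentication', 'google-oauth2'];

function parseAllowedConnections(rawParam, knownConnections) {
  if (typeof rawParam !== 'string' || rawParam.trim() === '') {
    return null; // same value the page's expression yields for an absent parameter
  }
  const seen = new Set();
  const names = [];
  for (const part of rawParam.split(',')) {
    const name = part.trim();
    if (name === '' || seen.has(name)) continue;          // drop blanks and repeats
    if (knownConnections && !knownConnections.includes(name)) continue; // unknown name
    seen.add(name);
    names.push(name);
  }
  // A non-empty parameter with nothing usable yields [] rather than null, so the
  // caller can tell "parameter absent" apart from "nothing valid was requested".
  return names;
}

// Constructed inputs.
console.log(pageExpression('google-oauth2, Username-Password-Authentication'));
console.log(parseAllowedConnections('google-oauth2, ,Username-Password-Authentication', KNOWN_CONNECTIONS));
```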

Step 7: Test Your Integration

Once you complete your BindID integration with Auth0, test your integration using the Auth0 Dashboard. From Getting Started, under Try your Login box, click Try it out and perform the basic flow described below.

An existing Auth0 user logs into BindID for the first time:

  1. The Login Page should display a BindID login button.
  2. Click the BindID login button, which will initiate a BindID authentication flow.
  3. Upon completing the BindID authentication, the user should have an option to link to one of the options you configured in Step 5.
  4. Click one of the alternative options, and log in with the user.
  5. You should see a confirmation that your user is authenticated and linked.
  6. From the Auth0 User page, you can see that both accounts are associated with the same user profile.

An existing Auth0 user logs into BindID for the second time:

  1. Remove all the Auth0 site cookies.
  2. Log in again with BindID.
  3. Upon completing the BindID authentication, the user should not have to do the account linking again.