Re: Sign-in with social accounts

2021-04-25 Thread Greg Keogh
>
> And before you start paying for alternatives, please check out Azure B2C
> as I mentioned and see if it will do what you need. I’m constantly
> fascinated by projects where I see people buying tools when they already
> have a usable tool.
>

Oh yeah! I always like to use pre-supplied stuff before going shopping.
I've been browsing around the customer's Pay-as-You-Go subscription portal
and I can't even find any AD related items?! I thought every subscription
had an AD associated with it. Oh well, I'll just keep reading... *GK*


RE: Sign-in with social accounts

2021-04-25 Thread Dr Greg Low
And before you start paying for alternatives, please check out Azure B2C as I 
mentioned and see if it will do what you need. I’m constantly fascinated by 
projects where I see people buying tools when they already have a usable tool.

For each Azure AD user (and I presume you already have some), you can use quite 
a lot of B2C users without additional cost.

Regards,

Greg

Dr Greg Low

1300SQLSQL (1300 775 775) office | +61 419201410 mobile | +61 3 8676 4913 fax
SQL Down Under | Web: https://sqldownunder.com | https://greglow.me

From: ozdotnet-boun...@ozdotnet.com On Behalf Of Nick Randolph
Sent: Monday, 26 April 2021 11:33 AM
To: ozDotNet 
Subject: RE: Sign-in with social accounts

Hi Greg,

I’m interested to understand why you think that “geared towards APIs” is a bad 
thing. I understand that the first thing developers typically want to do is 
authenticate users so that they can open the front door and get in the app. 
However, this is meaningless if you don’t then use the issued token when 
connecting to the backend APIs. This is the reason that Auth0 focusses on the 
API side of things – they’re attempting to ensure developers build their 
authentication in a way that the issued token can just be presented as part of 
calls to the backend API.

Hope this makes sense?

Nick Randolph | Built to Roam Pty Ltd | Co-Founder, Technical Director
+61 412 413 425 | 1300 613 140 | www.builttoroam.com
The information contained in this email is confidential. If you are not the 
intended recipient, you may not disclose or use the information in this email 
in any way. Built to Roam Pty Ltd does not guarantee the integrity of any 
emails or attached files. The views or opinions expressed are the author's own 
and may not reflect the views or opinions of Built to Roam Pty Ltd.

From: ozdotnet-boun...@ozdotnet.com On Behalf Of Greg Keogh
Sent: Monday, 26 April 2021 11:29 AM
To: ozDotNet <ozdotnet@ozdotnet.com>
Subject: Re: Sign-in with social accounts

Thanks everyone, I'll go off and do the research now. If I make any startling 
discoveries in coming weeks I'll report back in case it helps others attempting 
SSO.

GK

P.S. I did try Auth0 about 4 years ago, but it was so over-featured and geared 
towards "APIs" that I couldn't identify the possibly useful bits of it. And the 
documentation was so full of jargon and assumptions that it would have been 
quicker to learn advanced homological algebra.


Re: Sign-in with social accounts

2021-04-25 Thread Greg Keogh
It's been a few years now and it's a bit hazy ... but I only wanted to use
the authentication feature and had no need for fine-grained control over
who could call which API methods. You either authenticated into the app, or
not. I was led into all these configuration screens to register API details
that I had no interest in (that's what I thought). I was also interested in
server-side authentication and making a custom sign-in screen (not their
drop-in simple one) and I couldn't understand the documentation.

I guess I was either attempting to "misuse" Auth0 or I had incorrect
preconceptions of how it was supposed to work. In any case, it was wasting
too much time and it dropped off the bottom of the priority list.

Now that SSO has reared its head again, I might look at Auth0 again and try
to get into their mindset.


*Greg*



RE: Sign-in with social accounts

2021-04-25 Thread Nick Randolph
Hi Greg,

I’m interested to understand why you think that “geared towards APIs” is a bad 
thing. I understand that the first thing developers typically want to do is 
authenticate users so that they can open the front door and get in the app. 
However, this is meaningless if you don’t then use the issued token when 
connecting to the backend APIs. This is the reason that Auth0 focusses on the 
API side of things – they’re attempting to ensure developers build their 
authentication in a way that the issued token can just be presented as part of 
calls to the backend API.

Hope this makes sense?

Nick Randolph | Built to Roam Pty Ltd | Co-Founder, Technical Director
+61 412 413 425 | 1300 613 140 | www.builttoroam.com

From: ozdotnet-boun...@ozdotnet.com On Behalf Of Greg Keogh
Sent: Monday, 26 April 2021 11:29 AM
To: ozDotNet 
Subject: Re: Sign-in with social accounts

Thanks everyone, I'll go off and do the research now. If I make any startling 
discoveries in coming weeks I'll report back in case it helps others attempting 
SSO.

GK

P.S. I did try Auth0 about 4 years ago, but it was so over-featured and geared 
towards "APIs" that I couldn't identify the possibly useful bits of it. And the 
documentation was so full of jargon and assumptions that it would have been 
quicker to learn advanced homological algebra.
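
Nick's point above, that the token issued at sign-in is what the backend API has to check on every call, as an added C# example (not code from anyone on this thread). The provider is simulated with a locally generated RSA key; the issuer, audience and subject values are constructed, and `aud` is assumed to be a single string.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;

const string Iss = "https://idp.example/", Aud = "https://api.example/orders"; // constructed
using RSA idpKey = RSA.Create(2048);     // stands in for the provider's signing key
using RSA otherKey = RSA.Create(2048);   // a key the API does not trust
var soon = DateTimeOffset.UtcNow.AddMinutes(5);
foreach (var (name, token) in new[] {
    ("valid", Issue(idpKey, Iss, Aud, "user-123", soon)),
    ("other audience", Issue(idpKey, Iss, "https://api.example/billing", "user-123", soon)),
    ("expired", Issue(idpKey, Iss, Aud, "user-123", soon.AddHours(-1))),
    ("untrusted signer", Issue(otherKey, Iss, Aud, "user-123", soon)) })
    Console.WriteLine($"{name}: {Validate(token, idpKey, Iss, Aud) ?? "rejected"}");

static string B64Url(byte[] b) =>
    Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');
static byte[] FromB64Url(string s) => Convert.FromBase64String(
    s.Replace('-', '+').Replace('_', '/') + new string('=', (4 - s.Length % 4) % 4));

// Provider side (simulated): issue an RS256-signed JWT.
static string Issue(RSA key, string iss, string aud, string sub, DateTimeOffset expires)
{
    string head = B64Url(Encoding.UTF8.GetBytes("{\"alg\":\"RS256\",\"typ\":\"JWT\"}"));
    string body = B64Url(JsonSerializer.SerializeToUtf8Bytes(
        new { iss, aud, sub, exp = expires.ToUnixTimeSeconds() }));
    byte[] sig = key.SignData(Encoding.ASCII.GetBytes(head + "." + body),
        HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
    return head + "." + body + "." + B64Url(sig);
}

// Backend API side: returns the token's subject, or null when the token is rejected.
static string? Validate(string token, RSA providerKey, string iss, string aud)
{
    string[] p = token.Split('.');
    try
    {
        // Verify as RS256 with the provider's key; the header's alg is never trusted.
        if (p.Length != 3 || !providerKey.VerifyData(Encoding.ASCII.GetBytes(p[0] + "." + p[1]),
                FromB64Url(p[2]), HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)) return null;
        using JsonDocument doc = JsonDocument.Parse(FromB64Url(p[1]));
        JsonElement c = doc.RootElement;
        bool ok = c.GetProperty("iss").GetString() == iss      // issued by our provider
            && c.GetProperty("aud").GetString() == aud         // meant for this API
            && c.GetProperty("exp").GetInt64() > DateTimeOffset.UtcNow.ToUnixTimeSeconds();
        return ok ? c.GetProperty("sub").GetString() : null;
    }
    catch (Exception) { return null; }   // malformed token: fail closed
}
```

In an ASP.NET Core API the JWT bearer authentication middleware performs these same checks against the keys the provider publishes; the hand-rolled version only shows what is being checked.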


Re: Sign-in with social accounts

2021-04-25 Thread Greg Keogh
Thanks everyone, I'll go off and do the research now. If I make any
startling discoveries in coming weeks I'll report back in case it helps
others attempting SSO.

*GK*

P.S. I did try Auth0 about 4 years ago, but it was so over-featured and
geared towards "APIs" that I couldn't identify the possibly useful bits of
it. And the documentation was so full of jargon and assumptions that it
would have been quicker to learn advanced homological algebra.



Re: Sign-in with social accounts

2021-04-25 Thread David Connors
If it is a corporate app and in Azure - just go to the App Service and turn
on Easy Auth. One Click. Job Done. We use it everywhere and it is great.

If it is for a large number of users, then follow the advice of others on
this thread.

David Connors
da...@connors.com | M +61 417 189 363
Telegram: https://t.me/davidconnors
LinkedIn: http://au.linkedin.com/in/davidjohnconnors



On Mon, 26 Apr 2021 at 09:50, kirsten greed  wrote:

> Hi Greg
>
> This might be worth looking into
> https://workos.com/
>
> I listened to
>
> https://softwareengineeringdaily.com/2021/04/05/workos-making-enterprise-ready-apps-with-michael-grinich/?utm_source=rss_medium=rss_campaign=workos-making-enterprise-ready-apps-with-michael-grinich
>
> On Mon, Apr 26, 2021 at 9:40 AM djones147  wrote:
>
>> Hi
>>
>> It's fairly straightforward. You register on the provider site and they
>> supply you with a token. This token you send when you ask for the remote
>> login. And then they redirect to a failed or successful login.
>>
>> So asp.net is fine you have a public return address.
>>
>> With wpf and the ilk you need to redirect to a page on the server and
>> store that success/fail code with an identifier then fetch that back with
>> the client later.
>>
>> Some providers don't send back a provided id. But you can fake this by
>> sending the success/fail to a different url for each user.   Ex a different
>> route for each client.
>>
>> It's not hard to do at all, but can seem like you don't have a handle on
>> it until it all works.
>>
>> Hth Davy.
>>
>>
>>  Original message 
>> From: Greg Keogh 
>> Date: 26/04/2021 00:59 (GMT+01:00)
>> To: ozDotNet 
>> Subject: Sign-in with social accounts
>>
>> Folks, we have some old apps with their own simple credentials databases
>> containing user, password, login count, permissions, etc. They're classic
>> old fashioned systems.
>>
>> Increasing numbers of apps let you sign-in with your Facebook, Google,
>> Microsoft, etc account these days. This is really convenient, and the
>> security burden is taken by someone else.
>>
>> How can our apps participate in a social sign-in option? Has anyone done
>> this? I imagine some terrible obstacles...
>>
>> * Apps would have to be registered with the various companies.
>> * The client apps might be WPF, Xamarin, Blazor or ASP.NET, so how would
>>   they hook into the sign-in process.
>> * Each company might return different types of tokens or even follow
>>   different conventions.
>>
>> *Greg K*
>>
>


Re: Sign-in with social accounts

2021-04-25 Thread kirsten greed
Hi Greg

This might be worth looking into
https://workos.com/

I listened to
https://softwareengineeringdaily.com/2021/04/05/workos-making-enterprise-ready-apps-with-michael-grinich/?utm_source=rss_medium=rss_campaign=workos-making-enterprise-ready-apps-with-michael-grinich

On Mon, Apr 26, 2021 at 9:40 AM djones147  wrote:

> Hi
>
> It's fairly straightforward. You register on the provider site and they
> supply you with a token. This token you send when you ask for the remote
> login. And then they redirect to a failed or successful login.
>
> So asp.net is fine you have a public return address.
>
> With wpf and the ilk you need to redirect to a page on the server and
> store that success/fail code with an identifier then fetch that back with
> the client later.
>
> Some providers don't send back a provided id. But you can fake this by
> sending the success/fail to a different url for each user.   Ex a different
> route for each client.
>
> It's not hard to do at all, but can seem like you don't have a handle on
> it until it all works.
>
> Hth Davy.
>
>
>  Original message 
> From: Greg Keogh 
> Date: 26/04/2021 00:59 (GMT+01:00)
> To: ozDotNet 
> Subject: Sign-in with social accounts
>
> Folks, we have some old apps with their own simple credentials databases
> containing user, password, login count, permissions, etc. They're classic
> old fashioned systems.
>
> Increasing numbers of apps let you sign-in with your Facebook, Google,
> Microsoft, etc account these days. This is really convenient, and the
> security burden is taken by someone else.
>
> How can our apps participate in a social sign-in option? Has anyone done
> this? I imagine some terrible obstacles...
>
> * Apps would have to be registered with the various companies.
> * The client apps might be WPF, Xamarin, Blazor or ASP.NET, so how would
>   they hook into the sign-in process.
> * Each company might return different types of tokens or even follow
>   different conventions.
>
> *Greg K*
>


Re: Sign-in with social accounts

2021-04-25 Thread Craig vN
The easiest way is to use Auth0 (https://auth0.com/). It costs, but will
save a lot of hair.

On Mon, Apr 26, 2021 at 8:59 AM Greg Keogh  wrote:

> Folks, we have some old apps with their own simple credentials databases
> containing user, password, login count, permissions, etc. They're classic
> old fashioned systems.
>
> Increasing numbers of apps let you sign-in with your Facebook, Google,
> Microsoft, etc account these days. This is really convenient, and the
> security burden is taken by someone else.
>
> How can our apps participate in a social sign-in option? Has anyone done
> this? I imagine some terrible obstacles...
>
> * Apps would have to be registered with the various companies.
> * The client apps might be WPF, Xamarin, Blazor or ASP.NET, so how would
>   they hook into the sign-in process.
> * Each company might return different types of tokens or even follow
>   different conventions.
>
> *Greg K*
>


RE: Sign-in with social accounts

2021-04-25 Thread Dr Greg Low
Hi Greg,

I’d suggest, for a start, taking a detailed look at Azure AD B2C.

Presuming you already have Azure AD for some other purpose, this might be just 
what you need. Most of these modern auth providers make it easy to use a 
variety of alternate login methods.

Check out some videos on it, but there are also plenty of samples e.g. 
https://github.com/azure-ad-b2c/samples

Regards,

Greg

Dr Greg Low

1300SQLSQL (1300 775 775) office | +61 419201410 mobile | +61 3 8676 4913 fax
SQL Down Under | Web: https://sqldownunder.com | https://greglow.me

From: ozdotnet-boun...@ozdotnet.com On Behalf Of Greg Keogh
Sent: Monday, 26 April 2021 8:59 AM
To: ozDotNet 
Subject: Sign-in with social accounts

Folks, we have some old apps with their own simple credentials databases 
containing user, password, login count, permissions, etc. They're classic old 
fashioned systems.

Increasing numbers of apps let you sign-in with your Facebook, Google, 
Microsoft, etc account these days. This is really convenient, and the security 
burden is taken by someone else.

How can our apps participate in a social sign-in option? Has anyone done this? 
I imagine some terrible obstacles...

* Apps would have to be registered with the various companies.
* The client apps might be WPF, Xamarin, Blazor or ASP.NET, so 
  how would they hook into the sign-in process.
* Each company might return different types of tokens or even follow different 
  conventions.

Greg K


Sign-in with social accounts

2021-04-25 Thread Greg Keogh
Folks, we have some old apps with their own simple credentials databases
containing user, password, login count, permissions, etc. They're classic
old fashioned systems.

Increasing numbers of apps let you sign-in with your Facebook, Google,
Microsoft, etc account these days. This is really convenient, and the
security burden is taken by someone else.

How can our apps participate in a social sign-in option? Has anyone done
this? I imagine some terrible obstacles...

* Apps would have to be registered with the various companies.
* The client apps might be WPF, Xamarin, Blazor or ASP.NET, so how would
  they hook into the sign-in process.
* Each company might return different types of tokens or even follow
  different conventions.

*Greg K*