Auth0: Death by a Thousand APIs
Ok maybe this title is a bit crazy but I have just spent the last 3 days navigating the wondrous bounty of Auth0’s APIs and found some interesting bits.
- There are 2 frontend libraries, one for manual authentication simply called auth0-js and one for more automatic (but still kind of manual) authentication simply called auth0-lock or “lock” for short in the docs.
- There’s another library for nodejs that can be installed via npm called auth0 for more advanced user management on the backend, beyond authentication and clients managing their own data.
- The Dashboard and Documentation of Auth0 require some heavy understanding of which libraries and APIs connect to which client ids, secrets, which require tokens etc…
Let’s discuss these points in detail:
Ambiguity of front-end libraries
Login options chosen via the dashboard only appear if explicitly coded beyond the quickstart, or if the “lock” library is used.
The lock library itself is lacking in documentation of how the redirect and popup flows are handled; I had to try both to finally determine which was best for my Vuejs SPA. I also ran into some issues with my router and the redirect option.
Some diagrams of the flows and when particular events occur would be greatly appreciated.
Once connected via “lock” I wasn’t sure which token to use for “auth” in order to query the user metadata… Very frustrating!
Nodejs library and impossible to find documentation
One thing about googling auth0 issues is that they seem to have something written for every issue, so you get a lot of results from the official page. However, this tends to bury most solutions in favor of official auth0 documentation. The links to issues raised in the forums don’t link directly, so you need to either view a cached version or click the Google search result then search the forums again…
Even coming to the realization that my Nodejs auth0 library needed to connect via another “non-interactive client” was ambiguous.
Once I was finally connected via Nodejs, I discovered that I cannot update certain properties on the user model such as picture. The whole reason I connected via Nodejs in the first place…
Dashboard and documentation jumble
Another issue with Auth0 is that the documentation and dashboard are disconnected. This is completely fine; however, the dashboard should make clear:
CLIENT -> LIBRARY -> DOCUMENTATION
Instead I’m running around with 3 different tabs and not sure which library goes with which client and which documentation.
Again I would suggest some diagrams of popular use cases that specifically connect the steps needed to create the appropriate clients, the libraries involved and the documentation.
I am still using the auto-generated Nodejs documentation from GitHub because I have no idea where any other comprehensive documentation can be found.
If you made it this far, you might be deterred. Auth0 is a great service and is intended to simplify a lot of the headaches around authentication. However, the project suffers from a brevity of on-boarding.
It was simply not clear what libraries were available and what their use cases were, so I dove in with the quickstart and, while trying to enable options on the dashboard, became thoroughly confused why nothing was showing up.
Auth0, please take some time to provide some clear use cases for your several libraries and on-board users with the appropriate choice for their project.