Auth0: Death by a Thousand APIs

Ok maybe this title is a bit crazy but I have just spent the last 3 days navigating the wondrous bounty of Auth0’s APIs and found some interesting bits.

  1. There are 2 frontend libraries, one for manual authentication simply called auth0-js and one for more automatic (but still kind of manual) authentication simply called auth0-lock or “lock” for short in the docs.
  2. There’s another library for nodejs that can be installed via npm called auth0 for more advanced user management on the backend, beyond authentication and clients managing their own data.
  3. The Dashboard and Documentation of Auth0 require a heavy understanding of which libraries and APIs connect to which client IDs and secrets, which require tokens, etc.

Let’s discuss these points in detail:

Ambiguity of front-end libraries

The manual auth0-js library has a quickstart guide for almost every JavaScript framework under the sun. However, these quickstarts fail to mention that when choosing this path, login options selected for the client via the dashboard are not reflected in the login flow.

Login options chosen via the dashboard only appear if explicitly coded beyond the quickstart, or if the “lock” library is used.

The lock library itself is lacking in documentation of how the redirect and popup flows are handled; I had to try both to finally determine which was best for my Vuejs SPA. I also ran into some issues with my router and the redirect option.

Some diagrams of the flows and when particular events occur would be greatly appreciated.

Once connected via “lock” I wasn’t sure which token to use for “auth” in order to query the user metadata… Very frustrating!

Nodejs library and impossible to find documentation

One thing about googling auth0 issues is that they seem to have something written for every issue, so you get a lot of results from the official page. However, this tends to bury most solutions in favor of official auth0 documentation. The links to issues raised in the forums don’t link directly, so you need to either view a cached version or click the Google search result and then search the forums again…

Even coming to the realization that my Nodejs auth0 library needed to connect via another “non-interactive client” was ambiguous.

Once I was finally connected via Nodejs, I discovered that I cannot update certain properties on the user model such as picture. The whole reason I connected via Nodejs in the first place…

Dashboard and documentation jumble

Another issue with Auth0 is that the documentation and dashboard are disconnected. This is completely fine; however, the dashboard should make clear:

CLIENT -> LIBRARY -> DOCUMENTATION

Instead I’m running around with 3 different tabs and not sure which library goes with which client and which documentation.

Again I would suggest some diagrams of popular use cases that specifically connect the steps needed to create the appropriate clients, the libraries involved and the documentation.

I am still using the auto-generated Nodejs documentation from GitHub because I have no idea where any other comprehensive documentation can be found.

Summary

If you made it this far, you might be deterred. Auth0 is a great service and is intended to simplify a lot of the headaches around authentication. However, the project suffers from a brevity of on-boarding.

It was simply not clear what libraries were available and what their use cases were, so I dove in with the quickstart and, while trying to enable options on the dashboard, became thoroughly confused about why nothing was showing up.

Auth0, please take some time to provide some clear use cases for your several libraries and on-board users with the appropriate choice for their project.

Like what you read? Give Matt Lockyer a round of applause.
