Warning: This is a Work In Progress and not yet fully validated.

Auth0

Overview

We have a partnership with Auth0 to provide Identity-as-a-Service.

There are 4 tenants to match each of our environments. Each tenant is configured manually, although they should be as similar to one another as possible.

The tenants by name:

• fp-production - for fightpandemics.com
• fp-staging - for staging.fightpandemics.work
• fp-review - for *.fightpandemics.xyz; emails (verification, change password) won't work properly due to variable review environment subdomain (QA of anything affecting involving emails should be done in staging only)
• fightpandemics - for development.fightpandemics.online as well as local development; there is an open ticket to mock the auth for local development so only those working on auth-specific features need secrets for Auth0 (we also have separate free account/tenant currently used by most developers, but aim to migrate to this one eventually)

There is one regular web application configured per tenant. This means that all authentication is done through the Node.js backend (as opposed to directly from each client application - web, iOS, Android etc).

Currently we support (or plan to support) these Auth0 connections:

• Database (e.g. Email & Password)
• Social:
  • Facebook
  • Google
  • LinkedIn
  • (PLANNED) Apple

We have a separate GitHub repo for Auth0 specific email templates & rules.

Administration

There are two levels

Emails

Emails sent via Auth0 include email verification, welcome & change password.

In the review environment there is no redirects due to the wildcard subdomain & we've enabled only the the verification email. All emails are enabled in the other environments and all should redirect properly.