{"_id":"56ecce4c1484f1170021d57d","user":"56e4c5462d90970e00af1af3","parentDoc":null,"project":"56e4c56bcc9b140e003e86a8","version":{"_id":"56e4c56ccc9b140e003e86ab","__v":4,"hasDoc":true,"project":"56e4c56bcc9b140e003e86a8","hasReference":true,"createdAt":"2016-03-13T01:42:04.131Z","releaseDate":"2016-03-13T01:42:04.131Z","categories":["56e4c56ccc9b140e003e86ac","56e5e17fd6d5513200761165","56e5e2acd1303329002ea781","56ec6dc12400d20e0075ba21"],"is_deprecated":false,"is_hidden":false,"is_beta":true,"is_stable":true,"codename":"","version_clean":"1.0.0","version":"1.0"},"githubsync":"","__v":23,"category":{"_id":"56e5e2acd1303329002ea781","project":"56e4c56bcc9b140e003e86a8","pages":["56ec672c2400d20e0075ba0c","56ec679a3b656b0e00d861d1","56ec67de04e8940e009664f2","56ecc61d849b230e00df43f3","56ecce4c1484f1170021d57d","56ecd4f37f94882900591943"],"version":"56e4c56ccc9b140e003e86ab","__v":6,"sync":{"url":"","isSync":false},"reference":false,"createdAt":"2016-03-13T21:59:08.172Z","from_sync":false,"order":1,"slug":"installation","title":"Administrator Guide"},"updates":[],"next":{"pages":[],"description":""},"createdAt":"2016-03-19T03:58:04.067Z","link_external":false,"link_url":"","sync_unique":"","hidden":false,"api":{"results":{"codes":[]},"settings":"","auth":"required","params":[],"url":""},"isReference":false,"order":5,"body":"Authentication is handled by [Auth0](https://auth0.com/) cloud service. The free plan is more than enough for most scenarios and Requarks doesn't require any features specific to paid plans. We believe this is the most secure and flexible option.\n[block:api-header]\n{\n  \"type\": \"basic\",\n  \"title\": \"Why Auth0?\"\n}\n[/block]\n\n[block:image]\n{\n  \"images\": [\n    {\n      \"image\": [\n        \"https://files.readme.io/cXhh4GLiRMioqP4M4pAV_logo.png\",\n        \"logo.png\",\n        \"462\",\n        \"168\",\n        \"#ec5424\",\n        \"\"\n      ],\n      \"sizing\": \"original\"\n    }\n  ]\n}\n[/block]\nNowadays, most users want to login using their existing credentials provided by social services, such as Google, Microsoft, Facebook, etc., while companies want to use their AD / LDAP logins. Implementing all these services can be tedious and complex, especially when it comes to maintaining them over time. [Auth0](https://auth0.com/) integrates most social, enterprise and local database connectors.\n\nAlso, for something as critical as security, it makes more sense to leave authentication to a well-known third-party which has security experts and implements the most secure and modern standards. Applications where the authentication process is handled internally usually lack on this point and quickly become vulnerable to security risks if not patched quickly.\n\nFinally, we wanted a service that was free to use. While companies may go toward paid plans for enterprise-level features, the majority of users won't need it.\n\nWe may implement a local authentication option in the future, but isn't planned for now.\n[block:api-header]\n{\n  \"type\": \"basic\",\n  \"title\": \"Configuration\"\n}\n[/block]\n## 1. Create a new application\n\n1. If not done already, create an [Auth0](https://auth0.com/) account. The free plan is sufficient for most scenarios.\n2. From the Auth0 dashboard, click on **Applications** and create a **new application** (e.g. Requarks).\n3. Once the application is created, go to the **Settings** tab. Make note of the **Domain**, **Client ID** and **Client Secret**, we'll need them later.\n4. In the **Allowed Callback URLs** field, enter the full URL of the application followed by **/auth_callback** (e.g. http://my.domain.com/auth_callback ).\n5. In the **Allowed Logout URLs** field, enter the full URL of the application (e.g. http://my.domain.com/ )\n6. **Save** changes.\n\n## 2. Configure connections\n\n1. From the Auth0 dashboard, click on **Connections > Database** and create a **new DB connection**.\n2. Make sure the **Disable Sign Ups** option is active. Unless you have a sign-up workflow configured and proper security in place for new registrations, leaving this option off means anyone can register and use Requarks!\n3. Enable the application you created earlier to use this connection by activating the toggle under the **Application Using this Connection** section.\n4. *Optional* - Add and configure additional social / enterprise connections as needed. **The email address attribute is required.**\n[block:callout]\n{\n  \"type\": \"danger\",\n  \"title\": \"Use of an existing database\",\n  \"body\": \"You can use an existing database, used by other applications. However, make sure your other applications **do not conflict with, or modify user/app metadata** managed by Requarks. Doing so can result in strange behaviors or a broken installation.\"\n}\n[/block]\n## 3. Administrator account\n\nYou can either create a new account in the database connection you created earlier or choose to login using a social / enterprise connection to use as the administrator account:\n\n- **DB:** From the Auth0 dashboard, click on **Users** and create a **new User**. Fill in the details and use the database connection you created earlier.\n- **Social / Enterprise:** From the Auth0 dashboard, click on **Connections > Social / Enterprise**. Click on the **Try** button next to the connection you wish to use. You will be prompted to authorize the application you just created to login with your social / enterprise connection. Once logged in, the account will be added to the list of users.\n\nOnce the user is created / added, navigate to **Users**. Click on the newly added user, and under the **Identity Provider Attributes** section, make note of the **user_id** value, we'll need it later.\n\n## 4. Create API Token\n\nBrowse to [Auth0 API Explorer](https://auth0.com/docs/api/v2). From the top left section, add the following scopes:\n\n- **users > read** *(read:users)*\n- **users > update** *(update:users)*\n- **users > delete** *(delete:users)*\n- **users > create** *(create:users)*\n- **users_app_metadata > read** *(read:users_app_metadata)*\n- **users_app_metadata > update** *(update:users_app_metadata)*\n- **users_app_metadata > delete** *(delete:users_app_metadata)*\n- **users_app_metadata > create** *(create:users_app_metadata)*\n- **user_tickets > create** *(create:user_tickets)*\n- **connections > read** *(read:connections)*\n- **stats > read** *(read:stats)*\n\nMake note of the token generated (just below Token Generator), we'll need it later.\n\n## 5. Requarks Setup\n\nYou now have all the the required info for Auth0 to enter during Requarks setup.","excerpt":"","slug":"authentication","type":"basic","title":"Authentication"}
Authentication is handled by [Auth0](https://auth0.com/) cloud service. The free plan is more than enough for most scenarios and Requarks doesn't require any features specific to paid plans. We believe this is the most secure and flexible option. [block:api-header] { "type": "basic", "title": "Why Auth0?" } [/block] [block:image] { "images": [ { "image": [ "https://files.readme.io/cXhh4GLiRMioqP4M4pAV_logo.png", "logo.png", "462", "168", "#ec5424", "" ], "sizing": "original" } ] } [/block] Nowadays, most users want to login using their existing credentials provided by social services, such as Google, Microsoft, Facebook, etc., while companies want to use their AD / LDAP logins. Implementing all these services can be tedious and complex, especially when it comes to maintaining them over time. [Auth0](https://auth0.com/) integrates most social, enterprise and local database connectors. Also, for something as critical as security, it makes more sense to leave authentication to a well-known third-party which has security experts and implements the most secure and modern standards. Applications where the authentication process is handled internally usually lack on this point and quickly become vulnerable to security risks if not patched quickly. Finally, we wanted a service that was free to use. While companies may go toward paid plans for enterprise-level features, the majority of users won't need it. We may implement a local authentication option in the future, but isn't planned for now. [block:api-header] { "type": "basic", "title": "Configuration" } [/block] ## 1. Create a new application 1. If not done already, create an [Auth0](https://auth0.com/) account. The free plan is sufficient for most scenarios. 2. From the Auth0 dashboard, click on **Applications** and create a **new application** (e.g. Requarks). 3. Once the application is created, go to the **Settings** tab. Make note of the **Domain**, **Client ID** and **Client Secret**, we'll need them later. 4. In the **Allowed Callback URLs** field, enter the full URL of the application followed by **/auth_callback** (e.g. http://my.domain.com/auth_callback ). 5. In the **Allowed Logout URLs** field, enter the full URL of the application (e.g. http://my.domain.com/ ) 6. **Save** changes. ## 2. Configure connections 1. From the Auth0 dashboard, click on **Connections > Database** and create a **new DB connection**. 2. Make sure the **Disable Sign Ups** option is active. Unless you have a sign-up workflow configured and proper security in place for new registrations, leaving this option off means anyone can register and use Requarks! 3. Enable the application you created earlier to use this connection by activating the toggle under the **Application Using this Connection** section. 4. *Optional* - Add and configure additional social / enterprise connections as needed. **The email address attribute is required.** [block:callout] { "type": "danger", "title": "Use of an existing database", "body": "You can use an existing database, used by other applications. However, make sure your other applications **do not conflict with, or modify user/app metadata** managed by Requarks. Doing so can result in strange behaviors or a broken installation." } [/block] ## 3. Administrator account You can either create a new account in the database connection you created earlier or choose to login using a social / enterprise connection to use as the administrator account: - **DB:** From the Auth0 dashboard, click on **Users** and create a **new User**. Fill in the details and use the database connection you created earlier. - **Social / Enterprise:** From the Auth0 dashboard, click on **Connections > Social / Enterprise**. Click on the **Try** button next to the connection you wish to use. You will be prompted to authorize the application you just created to login with your social / enterprise connection. Once logged in, the account will be added to the list of users. Once the user is created / added, navigate to **Users**. Click on the newly added user, and under the **Identity Provider Attributes** section, make note of the **user_id** value, we'll need it later. ## 4. Create API Token Browse to [Auth0 API Explorer](https://auth0.com/docs/api/v2). From the top left section, add the following scopes: - **users > read** *(read:users)* - **users > update** *(update:users)* - **users > delete** *(delete:users)* - **users > create** *(create:users)* - **users_app_metadata > read** *(read:users_app_metadata)* - **users_app_metadata > update** *(update:users_app_metadata)* - **users_app_metadata > delete** *(delete:users_app_metadata)* - **users_app_metadata > create** *(create:users_app_metadata)* - **user_tickets > create** *(create:user_tickets)* - **connections > read** *(read:connections)* - **stats > read** *(read:stats)* Make note of the token generated (just below Token Generator), we'll need it later. ## 5. Requarks Setup You now have all the the required info for Auth0 to enter during Requarks setup.