2
votes

I am trying to drop in Auth0 and replace login and registration methods in an existing REST api on the server. The current system uses email and password.

To that end I'm implementing the login and register endpoints using Auth0 as the backing store. I created a user with email and password successfully using the management api via my Node.js server.

var request = require("request");

// Create a database-connection user through the Management API.
var options = {
  method: 'POST',
  url: 'https://test.auth0.com/api/v2/users',
  headers: {
    'content-type': 'application/json',
    authorization: 'Bearer SomeToken' // Management API token
  },
  body: {
    connection: 'Username-Password-Authentication',
    email: '[email protected]',
    password: 'test',
    user_metadata: { enable_promotions: true },
    email_verified: false,
    app_metadata: {}
  },
  json: true // serialize the body and parse the response as JSON
};

request(options, function (error, response, body) {
  if (error) throw new Error(error);
  console.log(body);
});

I'm stuck trying to figure out how to now authenticate that same user. I couldn't find an authenticate method on the management api, so I tried it using the authentication api but it says that username is required - in my case I created a user via email and not username.

a) Do I have to use the authentication API rather than the management API to authenticate with password and email?

b) Do I use the email as the username?

1

1 Answers

7
votes

Yes, all authentication-related endpoints are implemented in the scope of the Authentication API. You should use this instead of the Management API to authenticate a user using email and password.

Also, by default, database connections in Auth0 use the email as the user identifier, so if your connection is using default settings you should use the email as the username. It's possible to configure them to also require a traditional username in addition to the email, and in those situations you would no longer use the email during authentication.

There are many possible ways to integrate Auth0 authentication. If your usage scenario includes a custom user interface where you collect the username/password credentials and then just want to validate them with Auth0, you can use the resource owner endpoint of the Authentication API.
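A sketch of the server-side login call the answer describes, added here as an example and not taken from the answer or from Auth0's own code. It assumes the `/oauth/token` endpoint with the password-realm grant enabled for the application; the client ID, client secret, the error codes handled, and the function names are placeholders or assumptions.

```javascript
// Added example. Tenant domain and connection name come from the question;
// clientId and clientSecret are placeholders and must stay on the server.
const cfg = {
  domain: 'test.auth0.com',
  clientId: 'YOUR_CLIENT_ID',
  clientSecret: 'YOUR_CLIENT_SECRET',
  realm: 'Username-Password-Authentication'
};

// Build the token request. The email is sent in the "username" field.
function buildPasswordGrantRequest(cfg, email, password) {
  return {
    url: `https://${cfg.domain}/oauth/token`,
    init: {
      method: 'POST',
      headers: { 'content-type': 'application/json' },
      body: JSON.stringify({
        grant_type: 'http://auth0.com/oauth/grant-type/password-realm',
        username: email,
        password,
        realm: cfg.realm,
        scope: 'openid',
        client_id: cfg.clientId,
        client_secret: cfg.clientSecret
      })
    }
  };
}

// Map the Auth0 reply to what the REST API returns to its own caller.
// The message never says whether the email exists, and the upstream
// error_description is not passed through. Error codes are assumptions.
function interpretTokenResponse(status, body) {
  if (status === 200 && body && body.access_token) {
    return { ok: true, httpStatus: 200, accessToken: body.access_token, idToken: body.id_token };
  }
  if (status === 429 || (body && body.error === 'too_many_attempts')) {
    return { ok: false, httpStatus: 429, message: 'Too many attempts, try again later' };
  }
  if (body && body.error === 'invalid_grant') {
    return { ok: false, httpStatus: 401, message: 'Invalid email or password' };
  }
  return { ok: false, httpStatus: 502, message: 'Authentication service error' };
}

// fetchImpl is injectable for tests; Node 18+ provides a global fetch.
async function login(email, password, fetchImpl = fetch) {
  const { url, init } = buildPasswordGrantRequest(cfg, email, password);
  const res = await fetchImpl(url, init);
  return interpretTokenResponse(res.status, await res.json().catch(() => null));
}
```

Verify the returned tokens' signature, issuer and audience before creating a session for the user.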