Erik Play2Learn<p><span class="h-card" translate="no"><a href="https://chaos.social/@netzpolitik_feed" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>netzpolitik_feed</span></a></span> Haben die <span class="h-card" translate="no"><a href="https://ec.social-network.europa.eu/@EUCommission" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>EUCommission</span></a></span> Kollegen schon mal von <a href="https://mastodon.social/tags/oauth" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>oauth</span></a> gehört? Ein großer Teil der Anfrage-Verwaltung ist damit technisch schon gelöst.</p>
101010.pl is one of the many independent Mastodon servers you can use to participate in the fediverse.
101010.pl czyli najstarszy polski serwer Mastodon. Posiadamy wpisy do 2048 znaków.
Administered by:
Server stats:
574active users
101010.pl: About · Status · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.4.0-alpha.4
#oauth
0 posts · 0 participants · 0 posts today
Khalid Pro Max⚡️<p>I got <a href="https://mastodon.social/tags/Duende" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Duende</span></a> IdentityServer <a href="https://mastodon.social/tags/OAuth" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OAuth</span></a> working inside an <span class="h-card" translate="no"><a href="https://dotnet.social/@avaloniaui" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>avaloniaui</span></a></span> app. It's pretty easy, thanks to the Duende.IdentityModel package and the browser abstraction. <a href="https://mastodon.social/tags/dotnet" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dotnet</span></a></p>
The New Oil<p>Fake "Security Alert" issues on <a href="https://mastodon.thenewoil.org/tags/GitHub" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GitHub</span></a> use <a href="https://mastodon.thenewoil.org/tags/OAuth" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OAuth</span></a> app to hijack accounts</p><p><a href="https://www.bleepingcomputer.com/news/security/fake-security-alert-issues-on-github-use-oauth-app-to-hijack-accounts/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/fake-security-alert-issues-on-github-use-oauth-app-to-hijack-accounts/</span></a></p><p><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a></p>
The New Oil<p>Malicious <a href="https://mastodon.thenewoil.org/tags/Adobe" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Adobe</span></a>, <a href="https://mastodon.thenewoil.org/tags/DocuSign" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DocuSign</span></a> <a href="https://mastodon.thenewoil.org/tags/OAuth" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OAuth</span></a> apps target <a href="https://mastodon.thenewoil.org/tags/Microsoft365" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Microsoft365</span></a> accounts</p><p><a href="https://www.bleepingcomputer.com/news/security/malicious-adobe-docusign-oauth-apps-target-microsoft-365-accounts/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/malicious-adobe-docusign-oauth-apps-target-microsoft-365-accounts/</span></a></p><p><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://mastodon.thenewoil.org/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Microsoft</span></a></p>
skry<p><a href="https://mastodon.social/tags/GitHub" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GitHub</span></a> Alert hijack attack <a href="https://www.bleepingcomputer.com/news/security/fake-security-alert-issues-on-github-use-oauth-app-to-hijack-accounts/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/fake-security-alert-issues-on-github-use-oauth-app-to-hijack-accounts/</span></a><br><a href="https://mastodon.social/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://mastodon.social/tags/dev" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dev</span></a> <a href="https://mastodon.social/tags/webdev" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>webdev</span></a> <a href="https://mastodon.social/tags/oauth" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>oauth</span></a></p>
Matthew Turland<p>If you had to explain <a href="https://phpc.social/tags/OAuth2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OAuth2</span></a> to a relatively new SWE who only had a bit of experience interacting with public APIs from a frontend UI, are there any specific beginner-friendly online resources you'd recommend to them?</p><p><a href="https://phpc.social/tags/OAuth" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OAuth</span></a> <a href="https://phpc.social/tags/Authentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Authentication</span></a> <a href="https://phpc.social/tags/SoftwareEngineering" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SoftwareEngineering</span></a> <a href="https://phpc.social/tags/SoftwareDevelopment" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SoftwareDevelopment</span></a> <a href="https://phpc.social/tags/Education" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Education</span></a></p>
NobleMajo<p>I have now installed and tested Authentik for CoreUnit.NET. So far I am satisfied. Keycloak, dex and other IDP's made me dissatisfied in some steps. As a developer I just dont like the container image taging, please use semver so I can pin major/minor versions. </p><p><a href="https://mastodon.social/tags/Authentik" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Authentik</span></a> <a href="https://mastodon.social/tags/CoreUnitNET" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CoreUnitNET</span></a> <a href="https://mastodon.social/tags/IDP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IDP</span></a> <a href="https://mastodon.social/tags/Keycloak" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Keycloak</span></a> <a href="https://mastodon.social/tags/Dex" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Dex</span></a> <a href="https://mastodon.social/tags/Containerization" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Containerization</span></a> <a href="https://mastodon.social/tags/DevOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DevOps</span></a> <a href="https://mastodon.social/tags/SoftwareDevelopment" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SoftwareDevelopment</span></a> <a href="https://mastodon.social/tags/SemVer" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SemVer</span></a> <a href="https://mastodon.social/tags/VersionControl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VersionControl</span></a> <a href="https://mastodon.social/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSource</span></a> <a href="https://mastodon.social/tags/IdentityManagement" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IdentityManagement</span></a> <a href="https://mastodon.social/tags/DeveloperExperience" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DeveloperExperience</span></a> <a href="https://mastodon.social/tags/TechSatisfaction" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TechSatisfaction</span></a> <a href="https://mastodon.social/tags/SSO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SSO</span></a> <a href="https://mastodon.social/tags/OAUTH" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OAUTH</span></a></p>
hikari<p>USSO is a third-party cookie-based SSO (for now), built to work across multiple domains and businesses. It has been in development for over a year by Mahdi Kiani.</p><p>Right now, it's written in Python, but a Go rewrite is coming soon. After the rewrite, OAuth, SAML, and other authentication methods will be added.</p><p>For now, USSO doesn’t have a frontend to manage all SSO operations, but everything is available through an API.</p><p>A couple of microservices also work with USSO:</p><p>A global S3-based file manager</p><p>UFAAS, a Function-as-a-Service platform, optimized for Iran</p><p>UFAAS currently only supports IRT/IRR currencies and integrates with Iranian payment gateways, but accounts can also be manually charged.</p><p>A Rust module for USSO has also been released, making it easier to integrate with Rust-based applications. Additionally, I've recently joined the development team.</p><p>USSO is planned to be used on Parch Linux, and detailed deployment documentation will be written for all major platforms, including cloud, Docker, Kubernetes, and Jails.</p><p>Mahdi Kiani on X: <a href="https://x.com/mahdikiani" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">x.com/mahdikiani</span><span class="invisible"></span></a><br>Project GitHub: <a href="https://github.com/ussoio" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/ussoio</span><span class="invisible"></span></a><br>The File Manager: <a href="https://github.com/ufilesorg" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/ufilesorg</span><span class="invisible"></span></a><br>FaaS: <a href="https://github.com/ufaasio" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/ufaasio</span><span class="invisible"></span></a><br>profile manager based on usso: <a href="https://github.com/uprofile" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/uprofile</span><span class="invisible"></span></a><br>rustcrate: <a href="https://crates.io/crates/usso" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">crates.io/crates/usso</span><span class="invisible"></span></a></p><p><a href="https://mastodon.bsd.cafe/tags/USSO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>USSO</span></a> <a href="https://mastodon.bsd.cafe/tags/SSO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SSO</span></a> <a href="https://mastodon.bsd.cafe/tags/OAuth" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OAuth</span></a> <a href="https://mastodon.bsd.cafe/tags/SAML" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SAML</span></a> <a href="https://mastodon.bsd.cafe/tags/FaaS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FaaS</span></a> <a href="https://mastodon.bsd.cafe/tags/Rust" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Rust</span></a> <a href="https://mastodon.bsd.cafe/tags/Python" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Python</span></a> <a href="https://mastodon.bsd.cafe/tags/Go" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Go</span></a> <a href="https://mastodon.bsd.cafe/tags/ParchLinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ParchLinux</span></a> <a href="https://mastodon.bsd.cafe/tags/Cloud" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cloud</span></a> <a href="https://mastodon.bsd.cafe/tags/Docker" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Docker</span></a> <a href="https://mastodon.bsd.cafe/tags/Kubernetes" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Kubernetes</span></a> <a href="https://mastodon.bsd.cafe/tags/Microservices" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Microservices</span></a> <a href="https://mastodon.bsd.cafe/tags/FileManager" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FileManager</span></a> <a href="https://mastodon.bsd.cafe/tags/UFAAS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UFAAS</span></a> <a href="https://mastodon.bsd.cafe/tags/TechDevelopment" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TechDevelopment</span></a> <a href="https://mastodon.bsd.cafe/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSource</span></a></p>
Aaron PareckiAt long last, the OAuth working group has finished the Best Current Practice for OAuth 2.0 Security and it was just published as RFC9700! This has been a long time in the works, and I'm very thankful to everyone who has helped out with it over the years! <br> <br><a href="https://www.rfc-editor.org/rfc/rfc9700.html" rel="nofollow noopener" target="_blank"><span class="">https://</span>www.rfc-editor.org/rfc/rfc9700.html</a> <br> <br>This is one of the major inputs to OAuth 2.1, so I'm also very excited to be able to move that forward this year as well!
Francis Augusto 🇳🇴/🇧🇷/:bahia:<p>A little rant about e-mail authentication: </p><p><a href="https://francisaugusto.com/2025/Email-quo-vadis-or-where-is-oidc-for-everyone/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">francisaugusto.com/2025/Email-</span><span class="invisible">quo-vadis-or-where-is-oidc-for-everyone/</span></a></p><p><span class="h-card" translate="no"><a href="https://io.mwl.io/@mwl" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>mwl</span></a></span> I'd love your comment on this!</p><p><a href="https://mastodon.babb.no/tags/email" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>email</span></a> <a href="https://mastodon.babb.no/tags/oauth" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>oauth</span></a> <a href="https://mastodon.babb.no/tags/oauth2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>oauth2</span></a> <a href="https://mastodon.babb.no/tags/thunderbird" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>thunderbird</span></a></p>
Doyensec<p>Despite being central to their security, many orgs struggle to securely implement <a href="https://infosec.exchange/tags/OAuth" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OAuth</span></a>. Our new post walks through common issues & how to prevent them, along with a useful checklist! Read it today & ensure your org is secure: <a href="https://blog.doyensec.com/2025/01/30/oauth-common-vulnerabilities.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.doyensec.com/2025/01/30/o</span><span class="invisible">auth-common-vulnerabilities.html</span></a></p><p><a href="https://infosec.exchange/tags/doyensec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>doyensec</span></a> <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://infosec.exchange/tags/appsec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>appsec</span></a></p>
Jürgen ⁂ :gts:<p>Langsam wird es auf meiner <a href="https://servus.jyrgi.de/tags/gotosocial" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GoToSocial</span></a> Instanz gemütlich :neocat_comfy:.<br><br>Ich habe gerade eine Sammlung von <a href="https://servus.jyrgi.de/tags/neocat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NeoCat</span></a> :neocat: Emojis hochgeladen. Das war gar nicht so einfach, da GTS solch einen Sammel-Upload von <a href="https://servus.jyrgi.de/tags/misskey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MissKey</span></a> Emoji Archiven noch nicht unterstützt. Man kann Emojis nur einzeln per API Aufruf hochladen.<br><br>Da ich aber ein bisschen <a href="https://servus.jyrgi.de/tags/python" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Python</span></a> kann, war das Problem relativ schnell behoben<br><br>**Ich habe zwei Scripte geschrieben:**<br><br>- Eines um mich per <a href="https://servus.jyrgi.de/tags/oauth" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OAuth</span></a> zu authentifizieren um ein Bearer Token für die API Aufrufe zu erhalten.<br>- Ein weiteres, das die meta.json Datei von MissKey kompatiblem Emoji Archiven auswertet und dann alle Emojis im Archiv einzeln per API Aufruf hochlädt.<br><br>**Was habe ich gelernt:**<br><br>- Wie MissKey Emoji Archive aufgebaut sind.<br>- Wie man sich bei GTS per OAuth authentifiziert.<br>- Wie man Emojis aus MissKey Archiven per GTS API calls hochlädt.<br><br><a href="https://servus.jyrgi.de/tags/selfhosting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SelfHosting</span></a> <a href="https://servus.jyrgi.de/tags/gotosocial" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GoToSocial</span></a> <a href="https://servus.jyrgi.de/tags/python" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Python</span></a> <a href="https://servus.jyrgi.de/tags/oauth" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OAuth</span></a> <a href="https://servus.jyrgi.de/tags/customemojis" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CustomEmojis</span></a></p>
Anupam 《ミ》λ≡<p>I don't want to create a new account for every software / server. Where is the <a href="https://social.id1.in/tags/oauth" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OAuth</span></a> thing for <a href="https://social.id1.in/tags/activitypub" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ActivityPub</span></a>?<br><br><a href="https://social.id1.in/tags/mastodon" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Mastodon</span></a> <a href="https://social.id1.in/tags/pixelfed" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PixelFed</span></a> <a href="https://social.id1.in/tags/lemmy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Lemmy</span></a></p>
The New Oil<p><a href="https://mastodon.thenewoil.org/tags/Google" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Google</span></a> <a href="https://mastodon.thenewoil.org/tags/OAuth" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OAuth</span></a> flaw lets attackers gain access to abandoned accounts</p><p><a href="https://www.bleepingcomputer.com/news/security/google-oauth-flaw-lets-attackers-gain-access-to-abandoned-accounts/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/google-oauth-flaw-lets-attackers-gain-access-to-abandoned-accounts/</span></a></p><p><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a></p>
Aaron King<p>Anybody close their personal Gmail or Outlook, ie Google and Microsoft accounts? They are just spam and I have pretty good success with my private email domain so I'm just tired of all the spam and tracking if I don't use their services. I just need a replacement OAuth server and Authenticator app. <a href="https://fosstodon.org/tags/oauth" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>oauth</span></a> <a href="https://fosstodon.org/tags/otp" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>otp</span></a> <a href="https://fosstodon.org/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://fosstodon.org/tags/email" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>email</span></a></p>
Hackread.com<p>SquareX Researchers Expose <a href="https://mstdn.social/tags/OAuth" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OAuth</span></a> Attack on Chrome Extensions Days Before Major Breach</p><p>Read: <a href="https://hackread.com/squarex-researchers-expose-oauth-attack-on-chrome-extensions-days-before-major-breach/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">hackread.com/squarex-researche</span><span class="invisible">rs-expose-oauth-attack-on-chrome-extensions-days-before-major-breach/</span></a></p><p><a href="https://mstdn.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://mstdn.social/tags/Phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Phishing</span></a> <a href="https://mstdn.social/tags/Chrome" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Chrome</span></a> <a href="https://mstdn.social/tags/CyberAttack" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberAttack</span></a></p>
Dźwiedziu<p>I deem OAUTH^WGoogle (see below) hostile to self-hosting, thanks to the callback URI enforcing it being a TLD.</p><p><a href="https://mastodon.social/tags/oauth" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>oauth</span></a> <a href="https://mastodon.social/tags/selfhosting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>selfhosting</span></a> <a href="https://mastodon.social/tags/Google" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Google</span></a></p>
Mails on my personal front are purely for bills, and other updates. I've been using aerc for a while but I had to switch.
I realized how bad the e-mail client scenario is on Linux now that services demand OAuth2. The majority of clients don't support it so you have to use proxies, and complex 3rd party tools with complex configurations, and mail downloaders. It's crazy.
Maybe, I'm missing something. I just installed Thunderbird after avoiding it.
Add a custom icon to Auth0's Custom Social integrations
https://shkspr.mobi/blog/2024/12/add-a-custom-icon-to-auth0s-custom-social-integrations/
This is so fucking stupid.
There is no way to update the logo of a custom social connection on Auth0 without using the command line. On literally every other service I've used, there's a little box to upload a logo. But Okta have a funny idea of what developers want.
And, to make matters worse, their documentation contains an error! They don't listen to community requests or take bug reports, so I'm blogging in the hope that this is useful to you.
The Command
curl --request PATCH \-H 'Content-Type: application/json' \-H 'Accept: application/json' \-H 'Authorization: Bearer eyJhb...ZEQ' \ --url 'https://whatever.eu.auth0.com/api/v2/connections/con_qwerty123456' \ --data ' ... 'You will also need to supply some JSON in the data parameter. I've formatted it to be easier to read than the garbage documentation. All of these fields are mandatory.
{ "options": { "client_id": "your-app-id", "client_secret": "Shhhhhh!", "icon_url": "https://example.com/image.svg", "scripts": { "fetchUserProfile": "???" }, "authorizationURL": "https://example.com/oauth2/authorize", "tokenURL": "https://example.com/oauth2/token", "scope": "auth" }, "display_name": "Whatever"}OK, but how do you get all those values?
- Bearer token:
- Create a management token
- The only scope it needs is
update:connections
- URl
- This is your normal Auth0 domain name.
- The Connection ID at the end can be found in the dashboard of your social connection
- Client ID & Secret
- You set these in the social connection's dashboard.
icon_url- Public link to an image. It can be an SVG.
fetchUserProfile- Whatever code you want to run. If you don't want any, you can't leave it blank. So type in a couple of characters.
authorizationURLandtokenURL- Wherever you want to redirect users to
display_name- What you want to show to the user
This is such a load of bollocks! Is it really that hard for the Okta team to put an input field with "type the URl of your logo"?
Terence Eden’s Blog · Add a custom icon to Auth0's Custom Social integrations
More from 
Terence Eden
blog! “Add a custom icon to Auth0's Custom Social integrations”
This is so fucking stupid.
There is no way to update the logo of a custom social connection on Auth0 without using the command line. On literally every other service I've used, there's a little box to upload a logo. But Okta have a funny idea of what developers want.
And, to make matters…
⸻
#Auth0 #HowTo #oauth
Terence Eden’s Blog · Add a custom icon to Auth0's Custom Social integrations
More from Terence Eden
ExploreLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
Create accountLoginDrag & drop to upload