#Auth0

Security Land @securityland
2025-05-19

🚨 A critical vulnerability (CVE-2025-47275) in the Auth0 SDK exposes Symfony, Laravel, and WordPress users to brute-force session attacks. Okta has released patches—learn how to protect your application now.

Read More: security.land/critical-vulnera

JAVAPRO @javapro
2025-05-15

What if your assistant quietly leaked your company’s secrets? Can RAG systems be truly secure? Deepu Sasidharan thinks so—with & .
Discover how real-time ReBAC can stop silent data breaches.

Read now: javapro.io/2025/04/14/securing

Terence Eden @Edent
2025-05-02

Aha! Fair play to - they have a one-click "Block User" function. So that's one problem solved.

:rss: Qiita - Popular Articles @qiita@rss-mstdn.studiofreesia.com
2025-04-27

JAVAPRO @javapro
2025-04-17

Are your RAG apps leaking more than they retrieve? Deepu Sasidharan just dropped a 🔥 guide on securing -based systems using + . Sensitive data deserves better.

If you think RBAC is enough—read this: javapro.io/2025/04/14/securing

JAVAPRO @javapro
2025-04-14

What if your assistant quietly leaked your company’s secrets? Can RAG systems be truly secure? Deepu Sasidharan thinks so—with & .
Discover how real-time ReBAC can stop silent data breaches.

Read now: javapro.io/2025/04/14/securing

WeblineIndia @weblineindia
2025-03-05

We're excited to share our latest success in improving user security and experience with Auth0's powerful authentication tools.

Dive into our comprehensive case study and see how we tackled the challenges! weblineindia.com/case-studies/

Curtis McHale @curtismchale
2025-02-24

Caching Auth0 API responses in Laravel
In the app I'm working on we use Auth0 to handle our login system and then authorize sites over to WordPress from our main dashboard. The problem is that when calling Auth0 for the user roles we have set up we don't always get a response as soon as we need it and then our Laravel app throws errors.

Since we don't need the roles on most pages I decided not to go with
sfndesign.ca/caching-auth0-api

Playing Games @pg@jforo.com
2025-02-18

Sega adopts IDaaS for its game-user authentication system, replacing its in-house system with Auth0 to strengthen security | IT Leaders playing-games.com/530559/ #Auth0 #Game #GameNews #GamingNews #IDaaS #ID管理 #IT #itleaders #it情報 #Okta #エンターテインメント #ゲーム #ゲーム最新情報 #セガ #ゼロトラスト #情報システム #情報メディア

Developers, please - don't do this. If you need more than two states, make two booleans or an enum option or something.

Using a single boolean as a *tri-state* input is _confusing_, not clever.

Side-eye at you, #Auth0

A screenshot of an API "query parameters" page, with the "installed (boolean)" parameter highlighted.  The description of the installed parameter reads:

Optional.  When True, return only installed actions. When false, return only custom actions. Returns all actions by default.

Alvin Ashcraft 🐿️ @alvinashcraft@hachyderm.io
2024-12-09

Using Entra External ID with an Auth0 OpenID Connect identity provider by Damien Bowden.

buff.ly/3D4Drql
#entra #openid #auth0 #identity #auth #entraexternalid #cloud #azure

Terence Eden’s Blog @blog@shkspr.mobi
2024-12-09

Add a custom icon to Auth0's Custom Social integrations

shkspr.mobi/blog/2024/12/add-a

This is so fucking stupid.

There is no way to update the logo of a custom social connection on Auth0 without using the command line. On literally every other service I've used, there's a little box to upload a logo. But Okta have a funny idea of what developers want.

And, to make matters worse, their documentation contains an error! They don't listen to community requests or take bug reports, so I'm blogging in the hope that this is useful to you.

The Command

    curl --request PATCH \
      -H 'Content-Type: application/json' \
      -H 'Accept: application/json' \
      -H 'Authorization: Bearer eyJhb...ZEQ' \
      --url 'https://whatever.eu.auth0.com/api/v2/connections/con_qwerty123456' \
      --data ' ... '

You will also need to supply some JSON in the data parameter. I've formatted it to be easier to read than the garbage documentation. All of these fields are mandatory.

    {
      "options": {
        "client_id": "your-app-id",
        "client_secret": "Shhhhhh!",
        "icon_url": "https://example.com/image.svg",
        "scripts": {
          "fetchUserProfile": "???"
        },
        "authorizationURL": "https://example.com/oauth2/authorize",
        "tokenURL": "https://example.com/oauth2/token",
        "scope": "auth"
      },
      "display_name": "Whatever"
    }

OK, but how do you get all those values?

  • Bearer token:
  • URL
    • This is your normal Auth0 domain name.
    • The Connection ID at the end can be found in the dashboard of your social connection
  • Client ID & Secret
    • You set these in the social connection's dashboard.
  • icon_url
    • Public link to an image. It can be an SVG.
  • fetchUserProfile
    • Whatever code you want to run. If you don't want any, you can't leave it blank. So type in a couple of characters.
  • authorizationURL and tokenURL
    • Wherever you want to redirect users to
  • display_name
    • What you want to show to the user

This is such a load of bollocks! Is it really that hard for the Okta team to put an input field with "type the URL of your logo"?

#Auth0 #HowTo #oauth

Terence Eden @Edent
2024-12-09

🆕 blog! “Add a custom icon to Auth0's Custom Social integrations”

This is so fucking stupid.

There is no way to update the logo of a custom social connection on Auth0 without using the command line. On literally every other service I've used, there's a little box to upload a logo. But Okta have a funny idea of what developers want.

And, to make matters…

👀 Read more: shkspr.mobi/blog/2024/12/add-a
