#auth0 — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #auth0, aggregated by home.social.
-
Dew Drop – April 23, 2026 (#4653)
https://fed.brid.gy/r/https://alvinashcraft.com/2026/04/23/dew-drop-april-23-2026-4653/
-
Dew Drop – April 15, 2026 (#4647)
https://fed.brid.gy/r/https://alvinashcraft.com/2026/04/15/dew-drop-april-15-2026-4647/
-
Dew Drop – April 13, 2026 (#4645)
https://fed.brid.gy/r/https://alvinashcraft.com/2026/04/13/dew-drop-april-13-2026-4645/
-
Dew Drop – March 13, 2026 (#4624)
https://fed.brid.gy/r/https://alvinashcraft.com/2026/03/13/dew-drop-march-13-2026-4624/
-
🆕 blog! “Adding "Log In With Mastodon" to Auth0”
I use Auth0 to provide social logins for the OpenBenches website. I don't want to deal with creating user accounts, managing passwords, or anything like that, so Auth0 is perfect for my needs.
There are a wide range of social media logins provided by Auth0 - including the usual suspects like…
👀 Read more: https://shkspr.mobi/blog/2026/03/adding-log-in-with-mastodon-to-auth0/
⸻
#Auth0 #HowTo #mastodon #MastodonAPI #SocialMedia -
Adding "Log In With Mastodon" to Auth0
https://shkspr.mobi/blog/2026/03/adding-log-in-with-mastodon-to-auth0/I use Auth0 to provide social logins for the OpenBenches website. I don't want to deal with creating user accounts, managing passwords, or anything like that, so Auth0 is perfect for my needs.
There are a wide range of social media logins provided by Auth0 - including the usual suspects like Facebook, Twitter, WordPress, Discord, etc. Sadly, there's no support for Mastodon0.
All is not lost though. The Auth0 documentation says:
However, you can use Auth0’s Connections API to add any OAuth2 Authorization Server as an identity provider.
You can manually add a single Mastodon instance, but that doesn't work with the decentralised nature of the Fediverse. Instead, I've come up with a manual solution which works with any Mastodon server!
Background
Every Mastodon1 server is independent. I have an account on
mastodon.socialyou have an account onwhatever.chaos. They are separate servers, albeit running similar software. A generic authenticator needs to work with all these servers. There's no point only allowing log ins from a single server.Fortuitously, Mastodon allows app developers to automatically create new apps. A few simple lines of code and you will have an API key suitable for read-only access to that server. You can read how to instantly create Mastodon API keys or you can steal my PHP code.
User Experience
The user clicks the sign-in button on OpenBenches. They're taken to the Auth0 social login screen:
The user clicks on Mastodon. This is where Auth0's involvement ends!
The user is asked to provide the URl of their instance:
In the background, my server contacts the Mastodon instance and creates a read-only API key.
The user is asked to sign in to Mastodon.
The user is asked to authorise read-only access.
The user is now signed in and OpenBenches can retrieve their name, avatar image, and other useful information. Hurrah!
Auth0
Once you have created a service to generate API keys, it will need to run on a publicly accessible web server. For example
https://example.com/mastodon_login.Here's what you need to do within your Auth0 tennant:
- Authentication → Social → Create Connection
- At the bottom, choose "Create Custom".
- Choose "Authentication" only.
- Give your connection a name. This will be visible to users.
- "Authorization URL" and "Token URL" have the same value - the URl of your service.
- "Client ID" is only visible to you.
- "Client Secret" any random password; it won't be used for anything.
- Leave everything else in the default state.
It should look something like this:
Click the "Create" button and you're (almost) done.
Auth0 Icon
You will need to add a custom icon to the social integration. Annoyingly, there's no way to do it through the web interface, so follow that guide to use the command line.
Done!
I'll admit, this isn't the most straightforward thing to implement. Auth0 could make this easier - but it would still rely on users knowing the URl of their home instance.
That said, the Mastodon API is a delight to work with and the read-only permissions reduce risk for all parties.
Auth0 did blog about Mastodon a few years ago but never bothered implementing it! ↩︎
I do mean Mastodon; not the wider Fediverse. This only works with sites which have implemented Mastodon's APIs. ↩︎
-
Dew Drop – February 12, 2026 (#4603)
https://fed.brid.gy/r/https://alvinashcraft.com/2026/02/12/dew-drop-february-12-2026-4603/
-
Dew Drop – February 2, 2026 (#4595)
https://fed.brid.gy/r/https://alvinashcraft.com/2026/02/02/dew-drop-february-2-2026-4595/
-
Dew Drop – December 19, 2025 (#4565)
https://fed.brid.gy/r/https://alvinashcraft.com/2025/12/19/dew-drop-december-19-2025-4565/
-
Dew Drop – November 20, 2025 (#4545)
https://fed.brid.gy/r/https://alvinashcraft.com/2025/11/20/dew-drop-november-20-2025-4545/
-
Dew Drop – November 17, 2025 (#4542)
https://fed.brid.gy/r/https://alvinashcraft.com/2025/11/17/dew-drop-november-17-2025-4542/
-
Growth shouldn’t be a penalty.
Auth0’s MAU-based pricing punishes successful SaaS teams with unpredictable bills and gated features.
🔧 SSOJet offers a flat-rate identity platform — same enterprise features (SAML, SCIM, MFA) without the exponential cost curve.
Cut your Auth0 bill by 70%. Keep your features.
🔗 Read the guide: How to Cut Your Auth0 Bill by 70% Without Losing Enterprise Features
-
Kratos - Cloud native Auth0 open-source alternative (self-hosted)
#HackerNews #Kratos #Auth0 #Alternative #CloudNative #OpenSource #SelfHosted
-
Xây dựng ngân hàng số từ đầu: Sử dụng Spring Boot, Auth0, PostgreSQL. Bao gồm các khái niệm Domain-Driven Design, FDX-compliant API, idempotency. #NgânHàngSố #DigitalBank #SpringBoot #Auth0 #PostgreSQL #LậpTrình #Programming
https://www.reddit.com/r/programming/comments/1ov9epi/build_a_digital_bank_stepbystep_playlist/
-
Auth0’s developer trust is fading fast.
Support delays, unpredictable costs, and forced migrations have made 2025 tough for SaaS teams relying on it.
🔧 SSOJet gives you a simpler path — add enterprise SSO on top of Auth0 (or any IDP), keep your stack, and pay flat-rate pricing.
Devs deserve reliability, not chaos.
🔗 Read the full blog: Auth0 Support After Okta: What Developers Are Saying in 2025
-
Dew Drop – November 11, 2025 (#4538)
https://fed.brid.gy/r/https://alvinashcraft.com/2025/11/11/dew-drop-november-11-2025-4538/
-
Dew Drop – November 5, 2025 (#4534)
https://fed.brid.gy/r/https://alvinashcraft.com/2025/11/05/dew-drop-november-5-2025-4534/
-
Dew Drop – October 22, 2025 (#4524)
https://fed.brid.gy/r/https://alvinashcraft.com/2025/10/22/dew-drop-october-22-2025-4524/
-
Dew Drop – October 17, 2025 (#4521)
https://fed.brid.gy/r/https://alvinashcraft.com/2025/10/17/dew-drop-october-17-2025-4521/
-
Dew Drop – October 13, 2025 (#4517)
https://fed.brid.gy/r/https://alvinashcraft.com/2025/10/13/dew-drop-october-13-2025-4517/
-
Okta just flipped the script on cybersecurity by open-sourcing its Auth0 Rules Catalog. Imagine a community-powered playbook that spots threats before they strike—ready to change the game? Check out how this could redefine defense.
-
Are your RAG apps leaking more than they retrieve? Deepu Sasidharan just dropped a 🔥 guide on securing #Java-based #AI systems using #LangChain4j + #OpenFGA. Sensitive data deserves better.
If you think RBAC is enough—read this: https://javapro.io/2025/04/14/securing-the-future-of-ai-authorization-for-java-rag-systems-using-langchain4j-and-openfga/
-
🚨 A critical vulnerability (CVE-2025-47275) in the Auth0 SDK exposes Symfony, Laravel, and WordPress users to brute-force session attacks. Okta has released patches—learn how to protect your application now.
#SecurityLand #CyberWatch #Auth0 #Okta #PHP #Laravel #WordPress #Symfony #Vulnerability #Patch
-
What if your #AI assistant quietly leaked your company’s secrets? Can #Java RAG systems be truly secure? Deepu Sasidharan thinks so—with #LangChain4j & #OpenFGA.
Discover how real-time ReBAC can stop silent data breaches. -
Are your RAG apps leaking more than they retrieve? Deepu Sasidharan just dropped a 🔥 guide on securing #Java-based #AI systems using #LangChain4j + #OpenFGA. Sensitive data deserves better.
If you think RBAC is enough—read this: https://javapro.io/2025/04/14/securing-the-future-of-ai-authorization-for-java-rag-systems-using-langchain4j-and-openfga/
-
What if your #AI assistant quietly leaked your company’s secrets? Can #Java RAG systems be truly secure? Deepu Sasidharan thinks so—with #LangChain4j & #OpenFGA.
Discover how real-time ReBAC can stop silent data breaches. -
#Auth0 is down! Good times had by no one...
-
Sam Altman-Backed Worldcoin Reaches 2 Million Signups - Worldcoin, a startup that aims to build the “world’s largest identity and financia... - https://news.bitcoin.com/sam-altman-backed-worldcoin-reaches-2-million-signups/ #talentprotocol #integration #samaltman #worldcoin #worldapp #signups #worldid #auth0 #news #orb
-
Sam Altman-Backed Worldcoin Reaches 2 Million Signups - Worldcoin, a startup that aims to build the “world’s largest identity and financia... - https://news.bitcoin.com/sam-altman-backed-worldcoin-reaches-2-million-signups/ #talentprotocol #integration #samaltman #worldcoin #worldapp #signups #worldid #auth0 #news #orb
-
#TIL that you don’t need an #auth library like #Laravel’s fortify. Just host an AuthN provider and implement #oidc or #ldap.
If you ship a desktop app, you don’t need #AuthN because the user is authenticated through their login into their computer.
If you ship to a business, they will have an LDAP or OIDC server or will host one when needed.
If you ship an app with online account, you can just host #Keycloak or #Authentic or pay #auth0.
More below:
-
Yay! Check it out! It was super fun to make this article about how we can integrate @auth0 into @harperdbio using #JavaScript and custom functions! It's definitely something that will be useful
---
RT @harperdbio
Previously, we saw how to authenticate users using OAuth in HarperDB. In this article, we go a step further & modify our custom function implementation to allow us to use @auth0 by Okta.via @_StaticVoid
#Auth0 #Nodejs #Harpe…
https://twitter.com/harperdbio/status/1628818970957557765 -
Ding, dong, the CVE is dead! :partyparrot:
The JWT nodejs "vulnerability" from December, popularised at the start of January, has been recognised as a non-issue 🫥
I'm really glad to see it gone. Hoping we get a rash of news stories to follow up on the torrent 🌊 that followed the Unit 42 blog...
I'm not sure if its removal was down to me raising an issue on the GitHub Advisory Database :omya_github: to ask for it to be removed.
#jwt #cve #errata #cve_2022_23529 #auth0 #unit42 #jsonwebtoken
-
Excuse the hashtag spam, but I'm trying to find my tribe.
I'm interested in production deployments of ReBAC (relationship based access control) in "enterprise" environments.
Specifically, anyone who has worked on something similar to Google Zanzibar to authorize access into, not just "resources", but dynamic workflow/process driven APIs. Bonus if it is was in a SaaS setting, where each tenant has unique workflows.
-
Free Online Tools for Looking up Potentially Malicious Websites.
Examine the #URL in real-time to identify threats.
#AbuseIPDB: Provides reputation data about the IP address or hostname.
#Auth0 Signals: Checks IP address reputation; supports API.
#BrightCloud URL/IP Lookup: Presents historical reputation data about the website.
#CheckPhish: Checks whether the URL is a fraudulent site.
#Desenmascara.me: Flags websites suspected of selling counterfeit products.
-
Thoma Bravo takes a stake in threat intelligence provider Intel 471 - Private equity giant Thoma Bravo has taken a stake in Intel 471, a provider of cyb... - http://feedproxy.google.com/~r/Techcrunch/~3/Belk3DMgE98/ #securitysoftware #cyberwarfare #cybercrime #technology #thomabravo #computing #logrhythm #security #broadcom #symantec #mcafee #sophos #auth0 #texas #ceo
-
A16Z interview, 5G, Peloton, handling Big Tech issues, and offering better benefits - Unraveling the “Secrets of Sand Hill Road” and the VC thought process, with Andreessen Horowitz’s Sc... more: http://feedproxy.google.com/~r/Techcrunch/~3/8kHcatBAwTQ/ #theextracrunchdaily #andreessenhorowitz #scottkupor #qualcomm #peloton #ampush #google #lenovo #medium #auth0 #intel