Thursday, August 17, 2017

Programmatically Logging in to a site with the Auth0 Lock Widget

I had the joy of having to figure out how to programmatically log in to a website that uses the Auth0 Lock Widget for authentication. Since Auth0 provides authentication as s service, the login flow is slightly more complex than a simple POST to the site's login endpoint. Fortunately for you, I've spent the time figuring it out ;)

In a nutshell, there are 4 calls that have to be made for a successful login
  1. GET to the site you are trying to log in to (to get a state variable)
  2. POST to Auth0 with the username and password
  3. POST to the callback handler on Auth0 with the results from the previous POST
  4. GET to the redirect page that the previous POST indicates to redirect to
The following Ruby script does exactly what you'd expect it to do making use of the RestClient and Nokogiri gems. Note, you could make this script work without these two gems, but they do make life quite a bit easier.


Let's hope that Auth0 doesn't change it's login specs anytime soon!