How complex is it to plug an external auth provider

Hello Ghost contributors,

How complex is it to plug an external auth provider such as Auth0 or any cloud based authentification (AWS Amplify, firebase) ?

Or best, is it easy to bypass the authentification system by providing some tokens or just a call to a function that just does “hey this user xxx is connected” directly somewhere in the code ?

Cheers, A.

1 Like

Hey @arelaxend, can I ask what you’re trying to achieve with Ghost by using an external auth provider? :slight_smile:

We’d love to have a single sign-on experience, but couldn’t find a way to do it natively in Ghost :slightly_frowning_face:

1 Like

Hey team!

I’m in the same boat: with introduction of Members (fantastic feature!) I must find a way to integrate the members that I already have elsewhere (in my case, they are in https://auth0.com) and let them login with their prefered method and existing credentials. It would also allow users to login their way (social, SSO/SAML, passwordless SMS, with/without MFA, etc).

Basically, it’s just delegating authentication flow to an external service, getting an access token and an id_token back from them, and using these items as usual.

As I work for a company that does exactly this (we do identity management), would it be possible to collaborate with someone in some way on this integration?

Cheers!

1 Like

pinging @DavidDarnes for visibility :wink:

I’m in the same boat: App Integrations, Auth

I would love to use an external auth provider or even use Ghost itself as an Identity Provider. I would like my members to be able to leverage SSO across several services (example: Ghost, Discourse) and ideally something like Auth0 would be great.

2 Likes

Did anyone here make any progress with this?
I’m currently trying to scope out hooking ghost into an app we’re working on, and it’d be super useful to be able to use firebase auth.