Auth0 for MODX CMS

Jan 8, 2018

What is it?

According to auth0.com, Auth0 is "The new way to solve Identity".

We solve the most complex identity use cases with an extensible and easy to integrate platform that secures billions of logins every month

Auth0 allows you to plug-in multiple identity providers and integrate them with multiple client applications. Now, your MODX site can join in the fun!

Example Use Case

Say your organization uses G-Suite. Every staff member has an email address under your G-Suite domain, and those accounts are governed by your IT team according to internal policies. Yay!

You then setup a MODX CMS site, to use as an intranet. Only staff should be able to access the content therein. Previously, your Users would need to maintain a new, secondary login account inside MODX (the modUser account). This is one too many logins to maintain, IMHO.

Now, you can install the Auth0 Extra for MODX, and present your Users with an Auth0 federated login screen. Users click the "Login with Google" button, and upon authentication, they automagically get a session on your MODX siteā€”but only if they have a valid modUser account.

NOTE: They don't need to know how to login using the modUser account, it just needs to exist. Those modUsers can have ridiculously strong, random passwords, that no one will need to memorize :)

UPDATE [2018-03-18] As of version 0.6.0-dev2 modUser accounts can be created with a custom hash_class that essentially disables logging in via any means other than Auth0. User profile and User Groups synchronization between multiple MODX sites and your Auth0 domain is now supported, along with a JWT login flow.

UPDATE [2018-03-20] Version 0.7.0-dev2 adds important security hardening and the ability to sync User Settings across MODX sites. All dev versions are mandatory updates, and should not be used on production sites.

UPDATE [2019-03-30] Version 1.0.0-beta1 has been tested in production.

You can extend your Auth0 implementation to other client applications in your tech stack, taking your organization's user management to the next level.

For more information and documentation check out the README.

Where to get it?

You can install it via the MODX Extras Installer (search for "Auth0") or download it directly. The codebase is managed on Github.

Vive la MODX!