You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
TLDR: We would like to understand the API stability guarantees that Auth0 provides when it comes to the log entry format.
We are currently implementing an authentication scheme that leverages the security log to protect users from a compromised Auth0 management account. To do this we need to parse specific log entries and correlate them with data found in tokens. This means that the security log API will become part of our "availability hot path" where API breakages would directly affect our users' ability to log in.
Describe the ideal solution
An ideal solution would be a description of the guarantees. In particular, when a breaking change does happen, what is the process of rolling it out? Can we get some kind of notification? How long would it take between the notification and the release of the new format?
Alternatives and current work-arounds
We could make the parsing "lax" and try to create a "degraded security" authentication scheme. Breaking change happens => our software is not able to prove the integrity of the login flow => but it can continue to function with restricted functionality, until we implement the handling of the new format. However, this requires considerable extra engineering effort and degraded UX.
Additional context
We are using Auth0 and confidential computing enclaves to create a "strong authentication" scheme that's resistant to compromise of our own stack. In this threat model Auth0 is trusted as the IdP root, but our tenant/management plane is explicitly not trusted.
The text was updated successfully, but these errors were encountered:
Describe the problem you'd like to have solved
TLDR: We would like to understand the API stability guarantees that Auth0 provides when it comes to the log entry format.
We are currently implementing an authentication scheme that leverages the security log to protect users from a compromised Auth0 management account. To do this we need to parse specific log entries and correlate them with data found in tokens. This means that the security log API will become part of our "availability hot path" where API breakages would directly affect our users' ability to log in.
Describe the ideal solution
An ideal solution would be a description of the guarantees. In particular, when a breaking change does happen, what is the process of rolling it out? Can we get some kind of notification? How long would it take between the notification and the release of the new format?
Alternatives and current work-arounds
We could make the parsing "lax" and try to create a "degraded security" authentication scheme. Breaking change happens => our software is not able to prove the integrity of the login flow => but it can continue to function with restricted functionality, until we implement the handling of the new format. However, this requires considerable extra engineering effort and degraded UX.
Additional context
We are using Auth0 and confidential computing enclaves to create a "strong authentication" scheme that's resistant to compromise of our own stack. In this threat model Auth0 is trusted as the IdP root, but our tenant/management plane is explicitly not trusted.
The text was updated successfully, but these errors were encountered: