Hi there! I'm Sandrino Di Mattia, Principal Architect at Auth0 and living in Belgium 🇹🇩. This site is an archive of my adventures in cloud, identity and security.
JWT Bearer Authentication and Authorization for ASP.NET Core 5
An introduction on how to configure JWT Bearer authentication and authorization (based on scopes) for your ASP.NET Core 5 APIs.
December 18, 2020
Insomnia Core: Testing APIs secured with Auth0
Insomnia Core is lightweight and simple tool for testing your REST, GraphQL and gRPC services. With native support for OAuth 2.0 it also comes in handy when you're using Auth0 to secure these services.
December 16, 2020
Deploying changes to your Auth0 accounts with GitHub Actions
With GitHub Actions and the Auth0 Deploy CLI you can bring "Infrastructure as Code" to your Auth0 accounts.
November 12, 2020
Leveraging Cloudflare Workers to prevent attackers from bypassing your Cloudflare WAF
A long standing challenge with Cloudflare is the ability to bypass all protections by attacking the Origin IP directly. Cloudflare Workers could provide a simple way to solve this issue once and for all.
July 31, 2020
Securing Netlify Functions with serverless-jwt and Auth0
The new serverless-jwt library makes it extremly simple to secure your JAMstack APIs like Netlify Functions using JSON Web Tokens. In this post we'll explore how this works with Auth0.
July 28, 2020
Configuring Auth0 as an OpenID Connect provider for your Azure App Service
For a very long time the Azure App Service made it very easy to authenticate users using Azure AD and a handful of social providers through the flip of a switch. With the upcoming support for OpenID Connect providers you can now easily configure Auth0 as an authentication provider for your site.
July 27, 2020
Controlling access to your AWS API Gateway HTTP API with Auth0
The Amazon API Gateway HTTP API allows you to configure JWT authorizers, making it very simple to control access to your API using Auth0.
May 28, 2020
Configuring Auth0 as a custom authentication provider for MongoDB Stitch applications
By configuring Auth0 as a Custom JWT Authentication provider you can allow users to sign in with username/password, social providers, OIDC, SAML, ... to your MongoDB Stitch applications.
May 18, 2020
An in-depth overview of writing Cypress end-to-end tests when using Auth0
Cypress makes it extremely easy to write end to end tests, until your user have to sign in using a redirect based protocol (eg: OpenID Connect). This post covers how you can write Cypress tests when signing in to JAMstack and regular web applications.
May 13, 2020