Adding Trello login support to Auth0

At my company Routegy, we use Auth0 for identity management. While it is nice, in theory, to offload authn/authz to someone else so you can focus on building your product, integrating it does have a number of quirks.

In this instance, I was looking to support Trello logins, which Auth0 doesn’t support with a native social connection. A quick Google search yields this community post which recommends that you use the Custom Social Connections extension. This doesn’t appear to work since Trello uses OAuth 1.1 and the Custom Social Connections extension only appears to support OAuth 2.0.

After some further research, I thankfully came across documentation outlining Auth0 support for creating generic OAuth 1 and OAuth 2 connections. This works by creating an Auth0 connection with OAuth 1.1 urls and writing a custom javascript function that takes information provided in the OAuth callback to create an Auth0 profile.

With some custom code, we should be able to support Trello logins. Let’s dive in!

Getting your Trello credentials

In order to create an OAuth 1.1 connection, you will need your client_id and client_secret pair for Trello. To get these, login to Trello and go to https://trello.com/app-key.

The client_id value will be the Key value found on this page.

The client_secret value will be found by clicking the Token URL found on that page. This will prompt you to give access to the Trello Server Token application. Granting access will display the value to use.

Creating a Trello connection

Read the official documentation here for getting your Auth0 Management API token.

To create an arbitrary OAuth 1.1 connection in Auth0, we need to use the Auth0 Management API as there is no support for it in the management dashboard. This can be done with a simple curl command such as:

curl -X POST
     -H "Content-Type: application/json"
     -H 'Authorization: Bearer ${YOUR_AUTH0_MANAGEMENT_API_TOKEN}'
     -d @trello.json https://${YOUR_AUTH0_DOMAIN}/api/v2/connections

This creates an Auth0 connection using the JSON data stored in our local trello.json file. The contents of this file will change based on specifics to your account but will look something like:

Read the official documentation here for more information on Trello application name, scope, and expiration.

{
  "name": "trello",
  "strategy": "oauth1",
  "options": {
    "client_id": "${YOUR_TRELLO_CLIENT_ID}",
    "client_secret": "${YOUR_TRELLO_CLIENT_SECRET}",
    "requestTokenURL": "https://trello.com/1/OAuthGetRequestToken",
    "accessTokenURL": "https://trello.com/1/OAuthGetAccessToken",
    "userAuthorizationURL": "https://trello.com/1/OAuthAuthorizeToken?name=${APP_NAME}&scope=${SCOPE}&expiration=${EXPIRATION}",
    "scripts": {
      "fetchUserProfile": "${SCRIPT}"
    }
  },
    "enabled_clients": [
      "${AUTH0_CLIENT_1}",
      "${AUTH0_CLIENT_2}"
    ]
}

This file has a number of variables in it. Let’s go through them one by one:

The javascript code for fetch user profile ${SCRIPT} is:

function (token, tokenSecret, ctx, cb) {
    var OAuth = new require('oauth').OAuth;
    var oauth = new OAuth(
      ctx.requestTokenURL,
      ctx.accessTokenURL,
      ctx.client_id,
      ctx.client_secret,
      '1.0A',
      null,
      'HMAC-SHA1'
    );

    oauth.get('https://api.trello.com/1/members/me', token, tokenSecret, function(e, b, r) {
        if (e) {
          return cb(e);
        }
        if (r.statusCode !== 200) {
          return cb(new Error('Failed to authenticate with Trello. Code: ' + r.statusCode));
        }

        var member = JSON.parse(b);

        var profile = {
          user_id: member.id,
          email: member.email,
          name: member.fullName,
          email_verified: member.confirmed,
          nickname: member.username,
          token: token,
          token_secret: tokenSecret
        };

        cb(null, profile);
    })
}

Calling the Trello API on their behalf

Once the user logs in with the Trello Auth0 connection, you’ll see the token and tokenSecret values stored on that user profile. These can be used to call the Trello API on behalf of the user. For example:

from trello import TrelloClient

client = TrelloClient(
    api_key='${YOUR_TRELLO_CLIENT_ID}',
    api_secret='${YOUR_TRELLO_CLIENT_SECRET}',
    token='${TOKEN}',
    token_secret='${TOKEN_SECRET}'
)

The variables in this example are as follows:

Summary

In order to support Trello connections with Auth0, you must create a custom OAuth 1.1 connection with a custom javascript function that fetches Trello user information to create an Auth0 user profile.

Return home