Authentication

SmooSense supports optional authentication using Auth0. When configured, all pages require users to log in before accessing the application.

1. Overview

Authentication is optional by default. If no Auth0 credentials are configured, SmooSense runs without authentication and all pages are publicly accessible. This is suitable for local development or private deployments.

When Auth0 is configured, users must authenticate before accessing any page. Unauthenticated users are redirected to Auth0's login page.

2. Setting Up Auth0

2.1 Create an Auth0 Application

  1. Go to Auth0 Dashboard
  2. Navigate to Applications > Applications
  3. Click Create Application
  4. Choose Regular Web Application
  5. Note your Domain, Client ID, and Client Secret

2.2 Configure Callback URLs

In your Auth0 application settings, configure:

  • Allowed Callback URLs: http://localhost:8000/auth/callback
  • Allowed Logout URLs: http://localhost:8000, http://localhost:8000/auth/login

For production, replace localhost:8000 with your actual domain (e.g., https://app.example.com and https://app.example.com/auth/login).

2.3 Set Environment Variables

Set the following environment variables before starting SmooSense:

export AUTH0_DOMAIN="your-tenant.auth0.com"
export AUTH0_CLIENT_ID="your-client-id"
export AUTH0_CLIENT_SECRET="your-client-secret"
export APP_SECRET_KEY="your-random-secret-key"  # Optional, auto-generated if not set

You can also create a .env file in your project directory with these values.

2.4 Start SmooSense

sense

When Auth0 is properly configured, you'll see a log message:

Auth0 authentication enabled

3. Authentication Flow

  1. User visits any protected page (e.g., /, /FolderBrowser, /Table)
  2. If not authenticated, user is redirected to /auth/login
  3. Auth0 handles the login (username/password, SSO, etc.)
  4. After successful login, user is redirected back to the application
  5. User session is stored and maintained until logout

4. API Endpoints

SmooSense provides the following authentication endpoints:

| Endpoint | Description |
| --- | --- |
| /auth/login | Initiates Auth0 login flow (shows account picker) |
| /auth/logout | Clears session, logs out from Auth0, and redirects to home |
| /auth/retry | Clears session, logs out from Auth0, and redirects to login |
| /auth/callback | Handles OAuth callback from Auth0 |
| /auth/me | Returns current user info as JSON |

4.1 Check Authentication Status

Visit /auth/me in your browser to check the current authentication status.

Returns:

{
  "authenticated": true,
  "email": "[email protected]",
  "name": "John Doe",
  "picture": "https://..."
}

Or if not authenticated:

{
  "authenticated": false
}

5. Restricting Access by Email Domain

You can restrict access to users from specific email domains using Auth0 Actions. In your Auth0 Dashboard:

  1. Go to Actions > Flows > Login
  2. Create a new Action with this code:
exports.onExecutePostLogin = async (event, api) => {
  if (!event.user.email) {
    api.access.deny('access_denied', 'Email required');
    return;
  }

  const allowList = ['mycorp.com', 'partner.com']; // Your allowed domains

  const parts = event.user.email.split('@');
  const domain = parts[parts.length - 1].toLowerCase();

  if (!allowList.includes(domain)) {
    api.access.deny(
      'access_denied',
      'Only specific email domains are allowed to access this app.'
    );
  }
};
  3. Deploy the Action and add it to your Login flow
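
The domain check in the Action above can be exercised locally before it is deployed. The following is an added example, not code from SmooSense or Auth0: it moves the decision into a hypothetical `denialReason` helper that also requires `event.user.email_verified` (assuming every enabled connection sets it) and rejects values with no `@`, then runs it against constructed users with a hypothetical `mockApi` stand-in for the Action's `api` object.

```javascript
// Added example, not SmooSense or Auth0 code. Domains and users are constructed.
const ALLOW_LIST = ['mycorp.com', 'partner.com'];

// Returns null when the login may proceed, otherwise the reason to deny it.
function denialReason(user, allowList = ALLOW_LIST) {
  const email = typeof user.email === 'string' ? user.email.trim() : '';
  if (!email) return 'Email required';
  // Assumption: every enabled connection sets email_verified. Without this
  // check, a self-registered account with an unconfirmed address matches.
  if (user.email_verified !== true) return 'Email not verified';
  const at = email.lastIndexOf('@');
  // A value with no '@' (for example the bare string "mycorp.com") must not
  // be treated as if it were its own domain.
  if (at <= 0 || at === email.length - 1) return 'Malformed email';
  const domain = email.slice(at + 1).toLowerCase();
  // Exact match only: sub.mycorp.com and mycorp.com.example.net are rejected.
  return allowList.includes(domain) ? null : 'Domain not allowed';
}

// In the Auth0 editor this function is assigned to exports.onExecutePostLogin.
// The deny() call shape is copied from the Action shown on this page.
async function onExecutePostLogin(event, api) {
  const reason = denialReason(event.user);
  if (reason) api.access.deny('access_denied', reason);
}

// Local stand-in for the Action's api object that records deny() calls.
function mockApi() {
  const denied = [];
  return { denied, access: { deny: (...args) => denied.push(args) } };
}

// Constructed sample users covering the accepted case and each rejection.
const SAMPLES = [
  { email: 'alice@MyCorp.com', email_verified: true },
  { email: 'mallory@mycorp.com', email_verified: false },
  { email: 'eve@mycorp.com.example.net', email_verified: true },
  { email: 'mycorp.com', email_verified: true },
];
for (const user of SAMPLES) {
  console.log(user.email, '->', denialReason(user) ?? 'allowed');
}
```

If a connection you rely on does not report `email_verified`, the strict check will deny its users, so confirm what each connection returns before deploying.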

6. Troubleshooting

6.1 "Auth0 not configured, running without authentication"

This message appears when environment variables are not set. Verify:

  • AUTH0_DOMAIN is set
  • AUTH0_CLIENT_ID is set
  • AUTH0_CLIENT_SECRET is set

6.2 Callback URL Mismatch

Ensure your Auth0 application's "Allowed Callback URLs" exactly matches http://your-host:port/auth/callback.

6.3 Session Not Persisting

If sessions aren't persisting across requests, ensure:

  1. APP_SECRET_KEY is set consistently (not auto-generated each restart)
  2. Cookies are enabled in the browser

Copyright © 2025 SmooSense
