The beauty of standards is that they span vendors. Auth0 is a big champion of open standards, including OAuth 2.0. In this tutorial, we will leverage OAuth 2.0 Client Credentials to access sensitive dashboards securely by leveraging Screenly’s Edge Apps.
The relevance of these open standards becomes particularly evident when we consider the omnipresence of digital signage in our daily lives.
Screens, Screens, Screens
They’re everywhere. Advertisement, self-checkout counters, and dashboards on your office walls. The use cases are endless. In industry terms, these screens are known as Digital Signage. Screenly is a leading provider of secure digital signage, trusted by the likes of banks and Fortune 500 companies.
Screenly was recently asked to implement a Power BI dashboard in a secure fashion. They had very strict requirements about how the authentication flow could happen and how the sensitive information could be stored. Fortunately, this company embraces open standards and relies heavily on OAuth 2.0 for internal authentication. More precisely, they had adopted the OAuth 2.0 Client Credential flow as their standard to use whenever possible for services to be integrated. Recognizing these stringent security needs and their client's preference for robust authentication protocols, Screenly used Edge Apps, a developer framework that allows developers to deploy applications in a secure fashion. As we discussed possible solutions with the client’s security team, Screenly realized that they could solve all of their security concerns by making the OAuth 2.0 Client Credential feature a first-class citizen in the Edge App runtime environment. So they did. The result was the Power BI Edge App, which can be found on their Playground on GitHub. Now, PowerBI is just one of many assets that need to be protected. There are a large number of assets that customers may want to show on their screens, such as internal dashboards, that are protected by some sort of authentication.
Connect Screenly with Auth0
In this tutorial, we will mimic what Screenly did for their customers but for your internal assets. For the sake of argument, let’s assume it is an internal dashboard that you want to display on your office walls but have been unable to do so due to security concerns.
In this guide, we'll utilize an Edge App to execute an OAuth 2.0 Client Credential Flow, enabling automation of the login process for apps supported by Auth0.
Big-picture, the way the Client Credential flow works is as follows:
The client initiates the authentication process by sending a POST request to the authentication end-point, with, among other things, the Client ID and Client Secret. Assuming the request was successful, the authentication server will return a Bearer Token (that usually expires soon thereafter) The client can now authenticate to the dashboard using the Bearer Token to access the resource.
To mimic this flow, we will be building on top of the Auth0 Getting Started Guide.
- Establish an Auth0 account and configure it using the Getting Started Guide.
- Clone and set up a sample app using Auth0's Flask Example for a comprehensive demonstration.
Once you have your Flask application running, you need to ensure your application is network-accessible (i.e., not restricted to localhost). If not, the Screenly Player will not be able to communicate with the resource.
In order to authenticate to the Flask App, we now need to generate our credentials as per this guide. Once done, you need to take note of the following:
- Authentication URL
- Client ID
- Client Secret
- Audience
Equipped with this information, we'll craft an Edge App to facilitate automatic logins into your Auth0-protected resource.
Crafting the Edge App
Before diving in, ensure: * You have an active Screenly account. * You possess a Screenly Player, preferably a Screenly Player Max.
Install the Screenly CLI. For macOS users with Homebrew:
$ brew tap screenly/screenly-cli $ brew install screenly-cli
After installing the CLI, run
screenly loginNext, initiate the creation of your Edge App by generating the
screenly.yml--- app_id: entrypoint: http://my.app.com settings: oauth2_client_secret: type: secret title: Oauth 2 Client Secret optional: true help_text: Auth0 Client Secret oauth2_client_id: type: string title: Oauth 2 Client ID optional: true help_text: Auth0 Client ID oauth2_audience: type: string title: Oauth 2 Audience optional: true help_text: Auth0 Audience oauth2_scope: type: string title: Oauth 2 Scope optional: true help_text: Auth0 Scope oauth2_endpoint: type: string title: Oauth 2 Entrypoint optional: true help_text: Auth0 Entrypoint
Modify the
entrypointFollowing this, embed the application into the system using the specified command. Then, after updating the
app_idscreenly.ymlComplete the process by promoting the Edge App as an asset, which, once done, will be visible in your web interface as
Auth0 Example (stable)Once you've run that final command, you should see an asset named
Auth0 Example (stable)That’s a wrap!
That’s it! While the above simply used a basic Flask application, it could equally well have been a fully-fledged dashboard that supports the authentication flow adopted by the Flask application.
About the author
Viktor Petersson
CEO / Co-founder at Screenly Inc
Viktor, a seasoned entrepreneur, initiated his journey in the business world during his college years. His first venture, YippieMove, emerged as a pioneering email migration service, setting the stage for his future successes. Demonstrating a keen sense for uncharted territories, Viktor then co-created Blotter, a productivity app for macOS that not only was bootstrapped but also climbed to the top 10 in the Mac App Store before its discontinuation.
Prior to the widespread adoption of remote work spurred by the COVID-19 pandemic, Viktor had already recognized the transformative potential of a decentralized workforce. He leveraged this insight to lead his early ventures, particularly Blotter, towards prosperity as bootstrapped operations, embracing remote-only models long before they became a global norm.
Following these successes, Viktor co-founded Screenly, where he currently leads as a visionary. Screenly, also a bootstrapped venture, was created with the ambition of developing the world’s first developer-friendly digital signage product. Under Viktor’s stewardship, the company has introduced revolutionary products like Anthias, the top-ranked open source digital signage solution, and Screenly’s flagship offering, which now powers over 10,000 screens globally. Viktor’s innovative mindset and relentless entrepreneurial spirit continue to propel the digital signage industry into the future.