Introduction 

Demo overview

This demo shows two separate but intertwined functionalities:

1. Circle Credential-free Authentication – as it can be used when integrated with Auth0 for Federated Identities (e.g. Google/Gmail);

2. The ability of a user to add and manage additional devices that will share the same Secure Capsule and Auth0 token, leveraging Circle's distributed peer-to-peer multifactor authentication. This is completely out-of-band and unspoofable so long as the user personally generates the codes and inputs them directly on the new device.

3. The ability of the user to share the same authentication across multiple browsers.

1. Credential-free Authentication

The Auth0 Integration enables integration with the Circle REST API and Circle Service.  The developer can add any identity provider that is supported by Auth0.  For this demo, we selected Google/Gmail and LinkedIn. Simply pick the one you prefer. The user is authenticated by Auth0 using the API and then the following process commences:

1. The user requests and securely receives the Access Token and Refresh Token;

2. The Access Token is used to log the user in; and

3. The Refresh Token is securely stored in a Circle Secure Capsule on the device for future frictionless logins.

After this process, the user no longer needs to provide credentials, including passwords or any other information, to authenticate with the Identity Provider for all future sessions.

This is because the user has been identified by Auth0, which in turn has authenticated against Circle using the Refresh Token so that both parties are satisfied with each other’s identity prior to issuing an Access Token.

Resetting the Refresh Token from Circle Secure Capsule

The reset button deletes the refresh token from Circle Secure Capsule. The user must now re-authenticate through Auth0 with the selected Federated Identity Provider (in the case of Google).

Logging Out

The Log Out button is used to log the user out of the Web page, but the refresh token remains stored in Circle Secure Capsule. The user can then log in again using this stored token.

Re-authentication: See below.

2.  Add and manage devices

In this demo, you can also invite your other devices to the secured capsule.

1. First, you will need to navigate to your profile icon.

2. If you are inviting a new device, click add device and you will be given an Invite ID and an Auth Code. Take note of these.

3. Sign into the demo using the device that you wish to add.

4. Navigate to your profile icon again and click Accept Invite and input both the Invite ID and the Auth Code.

If the codes match, your new device will be authorized and the secure capsule containing the Auth0 refresh token synchronized to that device. Now you can enjoy credential-free secure authentication on that device - even if your browsers there aren't logged in to your identity provider.

3.  Cross browser authentication

Circle also enables users to be authenticated and log in to any website or application across any browser - without the need for any additional steps. This is because the Secure Capsule stores the Auth0 token - or anything else needed to authenticate (e.g., secrets, private keys, etc.) - securely on the endpoint device. Unlike a cookie, Secure Capsules are totally secure (AES 256 encrypted); accessible ONLY by your web server or application; and can contain an unlimited amount of data that cannot be messed with by the user or any attacker that gets onto that device.

To try our cross-browser functionality: 

1. Be logged in on any browser.

2. Open a different browser. For example, if you're logged in on Chrome, open Microsoft Edge.

3. Copy the URL from the logged-in browser to the new browser.

4. Voila! The same authentication works on any browser.