> ## Documentation Index
> Fetch the complete documentation index at: https://docs-staging-quickstart-revamp.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

> How to authenticate and authorize a Tessel device with Auth0.

# Authenticating & Authorizing a Tessel device with Auth0

[Tessel](https://tessel.io) is an amazing board. Not only it has a great hardware spec and a great extensibility story, you can program it in Javascript! When it was announced on Kickstarter we immediately supported it and waited long weeks to get hold of one.

<Frame>
  <img src="https://mintcdn.com/docs-staging-quickstart-revamp/rHYM5iMy6d7A-FVR/images/cdy7uua7fh8z/5mSnxvHvgWrHtCwk35z4Db/891c39e289c58d97c7a4047084d118a5/TM-00-04-ports.png?fit=max&auto=format&n=rHYM5iMy6d7A-FVR&q=85&s=c5bf4afc0ec4d99832a4b0e260608608" alt="Tessel - Tessel Ports Diagram" width="750" height="511" data-path="images/cdy7uua7fh8z/5mSnxvHvgWrHtCwk35z4Db/891c39e289c58d97c7a4047084d118a5/TM-00-04-ports.png" />
</Frame>

It finally arrived we can write our first program: get a token from Auth0 and call an API.

Tessel aims for full compatibility with Javascript. Most of core Node modules also work, but not all of them. See [the Tessle docs in Github](https://github.com/tessel/docs/blob/master/compatibility.md) for more details.

## The sample

This example is straight-forward:

1. We call the Resource Owner endpoint on Auth0 with device credentials
2. Get a token back
3. We use the token to call an API

<Frame>
  <img src="https://mintcdn.com/docs-staging-quickstart-revamp/d9I4PO9-WombE4fE/images/cdy7uua7fh8z/3iyOfO564gkbyQSsvTJE9c/a981ca1166d1384ba2e5e7dd72f5a255/2023-09-22_13-14-21.png?fit=max&auto=format&n=d9I4PO9-WombE4fE&q=85&s=15f0042341db40757340b64fc9f9c73d" alt="Tessel - Tessel to Auth0 Flow Diagram" width="730" height="187" data-path="images/cdy7uua7fh8z/3iyOfO564gkbyQSsvTJE9c/a981ca1166d1384ba2e5e7dd72f5a255/2023-09-22_13-14-21.png" />
</Frame>

```javascript lines expandable
var http = require('https');
var tessel = require('tessel');

tessel.syncClock(function () {

  var device_id = 'tessel-01';
  var password = 'THE TESSEL PASSWORD';

  authenticate(device_id, password, function(e,token){

    if(e) return console.log("Error:" + e);

    getDeviceProfile(token.access_token, function(e, profile){
      console.log("Device profile:");
      console.log(profile);
    });
  });

  function getDeviceProfile(token, done){
    request('{yourDomain}',
          '/userinfo',
          'GET',
          {
          "Content-type": "application/json",
          "Authorization": "Bearer " + token
        },
        null,
        function(e,response){
          if(e) return done(e);
          done(null, JSON.parse(response));
        });
  }

  function authenticate(device_id, password, done)
  {
    request('{yourDomain}',
          '/oauth/ro',
          'POST',
          {
          "Content-type": "application/json",
        },
        JSON.stringify({
            client_id:   '{yourClientId}',
            username:    device_id,
            password:    password,
            connection:  'devices',
            grant_type:  "password",
            scope: 'openid'
          }),
          function(e,response){
            if(e) return done(e);
            done(null, JSON.parse(response));
        });
  }

  function request(host, path, method, headers, body, done){
    var options = {
      hostname: host,
      path: path,
      method: method,
      headers: headers
    };

    var req = http.request(options, function(res) {
      res.setEncoding('utf8');

      var response = "";

      res.on('data', function (chunk) {
        response += chunk;
      });

      res.on('end', function(){
        done(null, response);
        });
    });

    req.on('error', function(e) {
      done(e);
    });

    if( body ) req.write(body);
    req.end();
  }
});
```

Noteworthy highlights of the code:

1. This is 99% compatible with Node (the only device specific module.is `tessel` that we only use to make sure all SSL calls happen with adequate time references.
2. The `request` function, is a simple wrapper on `http` module functions. The `request` module doesn't currently work in Tessel.

The <Tooltip tip="Resource Owner: Entity (such as a user or application) capable of granting access to a protected resource." cta="View Glossary" href="/docs/glossary?term=Resource+Owner">Resource Owner</Tooltip> endpoint requires credentials (such as username/password), so the backend user store connected to Auth0 needs to support this (like a Database connection or Active Directory).

## Tessel Setup

* Run `tessel update` to make sure you install the latest firmware with SSL support.
* You will obviously need connection to the web. You can set up WiFi with the `tessel wifi` command.
* Always send credentials (such as `username`/`password`) over secured networks.

## Summary

Tessel is awesome. We see a lot of potential. This sample shows how easy it is to connect it with Auth0.
