auth0-branding

Compare original and translation side by side

🇺🇸

Original

English
🇨🇳

Translation

Chinese

Auth0 Branding

Auth0品牌定制

Style Auth0 Universal Login to match a brand. Covers the theme (colors, typography, borders, widget layout), tenant-level branding settings (logo, favicon, primary color), page templates (Liquid HTML that wraps the widget), and custom text per screen.
将Auth0 Universal Login设置为匹配品牌风格。涵盖主题(颜色、排版、边框、组件布局)、租户级品牌设置(Logo、网站图标、主色调)、页面模板(包裹登录组件的Liquid HTML)以及各屏幕的自定义文本。

Capabilities

功能

When this skill is invoked with a specific intent in the opening message (e.g., "brand my tenant from ferrari.com", "reset the theme", "check if Universal Login is on"), parse the intent and route directly to the matching capability below. Do not show a picker.
When this skill is invoked without intent (bare
/auth0-branding
, or a vague "help me with branding"), show the table below and ask in one line: "Pick a number, name one, or describe what you want." Parse the reply — accept
1
,
"brand my tenant"
, or
"make it look like acme.com"
equivalently.
#CapabilityWhat it does
1Brand my tenantStyle Universal Login end-to-end from a website I own, brand assets I have, or manual input. Colors, logo, typography, page layout, and (optionally) login text voice, applied together
2Change specific settingsUpdate individual pieces directly: a logo, color, font, corner radius, background, button label, or the page template. No URL extraction or asset parsing needed
3Match my brand voiceRewrite Universal Login text to sound like a source I provide: my website, sample copy, or a voice descriptor. Text only; doesn't touch colors or layout
4Rollback to Auth0 defaultsPick what to clear: tenant branding settings, the theme, the page template, or custom text on specific prompts
5Check my setupVerify that login, signup, password reset, and MFA are actually running Universal Login on my tenant and not Classic. Safe read-only starter
The Prerequisites section applies to all capabilities.
当在初始消息中带着明确意图调用本技能时(例如:"根据ferrari.com品牌化我的租户"、"重置主题"、"检查Universal Login是否启用"),解析意图并直接路由到下方对应的功能,无需展示选择器。
无明确意图调用本技能时(直接输入
/auth0-branding
,或模糊请求"帮我处理品牌设置"),展示下方表格并以一句话询问:"选择编号、说出名称,或描述你的需求。"解析回复——接受
1
、"品牌化我的租户"或"让它看起来像acme.com"等等效表述。
编号功能作用
1品牌化我的租户根据我拥有的网站、品牌资产或手动输入,端到端设置Universal Login风格。同时应用颜色、Logo、排版、页面布局,以及(可选)登录文本语气
2修改特定设置直接更新单个设置项:Logo、颜色、字体、圆角、背景、按钮标签或页面模板。无需提取URL或解析资产
3匹配我的品牌语气根据我提供的来源(网站、示例文案或语气描述)重写Universal Login文本。仅处理文本,不涉及颜色或布局
4回滚到Auth0默认设置选择要清除的内容:租户品牌设置、主题、页面模板,或特定提示的自定义文本
5检查我的配置验证登录、注册、密码重置和MFA流程是否在我的租户上运行Universal Login而非Classic版本。安全的只读初始检查功能
前提条件部分适用于所有功能。

Prompt style

提示风格

Prefer free-text prompts. The skill should parse natural replies, not force clicks. Use
AskUserQuestion
only when one of these applies:
  1. Multi-select of non-obvious options where seeing the full list helps the user (e.g., Capability 3's flow categories — user won't remember the full set off the top of their head).
  2. Destructive-path safety gate (e.g., Capability 4's "save a backup before reset?" yes/no).
  3. Disambiguation between 3+ distinct paths with meaningful trade-offs the user wouldn't know by heart.
Everything else is free text. Specifically:
  • Review prompts ("proceed? apply / edit / cancel, or tell me what to change") are free text. Parse the reply. If the reply names specific changes, apply them inline and re-render the proposal; don't make the user click through an edit submenu.
  • "Paste a value" asks (hex code, URL, font name) are free text. Don't wrap single-field input in a picker.
  • Capability routing at entry is free text. See the paragraph above the capabilities table.
Discoverability cue: every proposal must list the editable knobs inline, including "off by default" ones (voice rewriting, page template, layout override). Users can't ask to edit what they don't know exists. The "Also available" block under the main proposal in Capability 1 is the canonical pattern.
Don't auto-run optional steps (e.g., voice-flow detection, Brandfetch lookup on an unverified domain). Ask first whether the user wants to list, detect, or pick.
优先使用自由文本提示。技能应解析自然语言回复,而非强制点击。仅在以下情况使用
AskUserQuestion
  1. 非明显选项的多选:查看完整列表对用户有帮助(例如:功能3的流程分类——用户无法凭记忆想起全部选项)。
  2. 破坏性操作的安全确认(例如:功能4中的"重置前是否保存备份?"是/否)。
  3. 3个以上有明显权衡的路径歧义消除:用户无法凭记忆了解这些权衡。
其他所有场景均使用自由文本。具体来说:
  • 确认提示("是否继续?应用/编辑/取消,或告诉我需要修改的内容")采用自由文本。解析回复。如果回复提及具体修改内容,直接应用并重新生成方案;不要让用户点击编辑子菜单。
  • "粘贴值"请求(十六进制代码、URL、字体名称)采用自由文本。不要将单字段输入包装在选择器中。
  • 入口处的功能路由采用自由文本。参见功能表格上方的段落。
可发现性提示:每个方案必须内联列出可编辑的设置项,包括默认关闭的选项(语气重写、页面模板、布局覆盖)。用户无法请求编辑他们不知道存在的内容。功能1主方案下的"还可配置"区块是标准模式。
不要自动运行可选步骤(例如:语气检测、对未验证域名的Brandfetch查询)。先询问用户是否需要列出、检测或选择。

Plan mode

计划模式

When Claude Code is in plan mode, the skill's writes — PATCH/PUT/DELETE/POST against the Management API, plus local file writes (backup JSON, Brandfetch key) — are held until the plan is approved.
What's allowed:
  • GETs against the Management API (loading current theme, branding, custom text, prompts, connections, tenant settings). These drive the proposal and diagnostics.
  • LLM-only work: voice classification, translation generation, proposal rendering.
  • Capability 5 runs unchanged; it's already read-only.
What's deferred:
  • All Management API writes (no PATCH/PUT/DELETE/POST).
  • Local file writes: Capability 4 backup JSON, Capability 1 Brandfetch-key save.
  • auth0 test login
    (it starts an auth flow in a browser — not a tenant mutation, but a side effect; defer it along with the writes).
Still do the interactive asks. The Brandfetch-key prompt in Capability 1, the source/screens/locale prompts in Capability 3, the surface/backup prompts in Capability 4 — all still happen. Plan mode defers execution, not intent gathering. For any ask whose answer triggers a write (e.g., "paste a Brandfetch key"), collect the answer and note in the plan "will save to
${XDG_CONFIG_HOME:-$HOME/.config}/auth0-branding/brandfetch.key
on approval."
Plan contents. Produce a complete plan covering:
  • Target tenant (from
    auth0 tenants list
    ) and the active-tenant confirmation.
  • Every concrete API call the skill will make, in order: method, path, and a summary of the body (full payloads for small objects like
    PATCH /branding
    ; key names + change counts for large ones like the merged theme object or custom-text PUTs).
  • Every local file write, with absolute path.
  • Scope pre-check outcome for Capability 4, so scope failures surface before approval.
  • The post-apply
    auth0 test login
    step, if applicable.
Then call
ExitPlanMode
.
After approval. Normal execution resumes. All existing gates still apply: active-tenant confirmation, production-write confirmation, WCAG contrast warnings, template-tag validation, merge-before-PUT for custom text, scope checks for destructive operations.
当Claude Code处于计划模式时,技能的写入操作——针对Management API的PATCH/PUT/DELETE/POST请求,以及本地文件写入(备份JSON、Brandfetch密钥)——将被暂停,直到计划获得批准。
允许的操作:
  • 针对Management API的GET请求(加载当前主题、品牌设置、自定义文本、提示、连接、租户设置)。这些用于生成方案和诊断。
  • 仅LLM处理:语气分类、翻译生成、方案渲染。
  • 功能5保持不变;它已是只读操作。
延迟的操作:
  • 所有Management API写入操作(禁止PATCH/PUT/DELETE/POST)。
  • 本地文件写入:功能4的备份JSON、功能1的Brandfetch密钥保存。
  • auth0 test login
    (它会在浏览器中启动认证流程——不属于租户变更,但属于副作用;与写入操作一同延迟)。
仍需进行交互式询问。功能1中的Brandfetch密钥提示、功能3中的来源/屏幕/区域设置提示、功能4中的清除范围/备份提示——所有这些仍需执行。计划模式延迟的是执行,而非意图收集。对于任何答案会触发写入操作的询问(例如:"粘贴Brandfetch密钥"),收集答案并在计划中注明"批准后将保存到
${XDG_CONFIG_HOME:-$HOME/.config}/auth0-branding/brandfetch.key
"。
计划内容。生成完整计划,包含:
  • 目标租户(来自
    auth0 tenants list
    )及活跃租户确认。
  • 技能将执行的每一个具体API调用,按顺序排列:方法、路径、请求体摘要(对于
    PATCH /branding
    等小型对象提供完整负载;对于合并后的主题对象或自定义文本PUT等大型对象提供键名+变更计数)。
  • 每个本地文件写入操作的绝对路径。
  • 功能4的权限预检查结果,以便在批准前发现权限失败问题。
  • 适用情况下,批准后的
    auth0 test login
    步骤。
然后调用
ExitPlanMode
批准后。恢复正常执行。所有现有验证仍适用:活跃租户确认、生产环境写入确认、WCAG对比度警告、模板标签验证、自定义文本PUT前的合并操作、破坏性操作的权限检查。

Verify in browser (post-apply)

浏览器验证(应用后)

After any capability writes to the tenant (capabilities 1–4), offer to open the live Universal Login page so the user can see the result immediately. Free-text prompt, not a picker:
Open the login page in a browser to verify? (yes / no)
If yes: run
auth0 test login
on the active tenant. The CLI starts an authorization code flow against the default app and opens the browser. If the environment is headless or the browser fails to open, the CLI prints the authorize URL to stdout — capture it and pass it to the user to open manually.
If no: end with the summary of what was written.
Notes:
  • This applies to Capability 1 (Brand my tenant), Capability 2 (Change specific settings), Capability 3 (Match my brand voice), and Capability 4 (Rollback to Auth0 defaults). In the rollback case, the browser page should render Auth0's built-in defaults — that's the verification.
  • Capability 5 (Check my setup) is read-only; skip this step.
  • If the user has a preferred client they test against, they'll mention it;
    auth0 test login --client-id <id>
    targets a specific app. Otherwise use the default.
任何功能对租户执行写入操作后(功能1-4),主动提议打开实时Universal Login页面,让用户立即查看结果。采用自由文本提示,而非选择器:
是否在浏览器中打开登录页面进行验证?(是/否)
如果:在活跃租户上运行
auth0 test login
。CLI会针对默认应用启动授权码流程并打开浏览器。如果环境是无头模式或浏览器无法打开,CLI会将授权URL打印到标准输出——捕获该URL并提供给用户手动打开。
如果:以写入操作的摘要结束流程。
注意:
  • 此步骤适用于功能1(品牌化我的租户)、功能2(修改特定设置)、功能3(匹配我的品牌语气)和功能4(回滚到Auth0默认设置)。在回滚情况下,浏览器页面应渲染Auth0的内置默认设置——这就是验证方式。
  • 功能5(检查我的配置)是只读操作;跳过此步骤。
  • 如果用户有偏好的测试客户端,他们会提及;
    auth0 test login --client-id <id>
    可针对特定应用。否则使用默认应用。

Key Concepts

核心概念

ConceptDescription
ThemeVisual settings (colors, fonts, borders, widget layout, backgrounds) applied to Universal Login. Auth0 currently renders only the default theme; additional themes can be created via the API but are not used by Universal Login
Branding SettingsTenant-level logo, favicon, primary color, and page background color
Page TemplateCustom HTML using Liquid syntax that wraps the login widget; requires a custom domain
Text CustomizationPer-prompt, per-screen, per-language text overrides on Universal Login pages
Custom Text VariablesCustomer-defined keys (prefixed
var-
) in the Custom Text API, referenced from templates and partials as camelCase
Custom DomainRequired for page templates; maps your domain to Auth0's login pages
Universal Login vs ClassicTenants can render each flow (login/signup, password reset, MFA) in either experience. Theme, template, and no-code editor only apply to flows running Universal Login
概念描述
Theme(主题)应用于Universal Login的视觉设置(颜色、字体、边框、组件布局、背景)。Auth0目前仅渲染默认主题;可通过API创建其他主题,但Universal Login不会使用
Branding Settings(品牌设置)租户级的Logo、网站图标、主色调和页面背景色
Page Template(页面模板)使用Liquid语法的自定义HTML,包裹登录组件;需要自定义域名
Text Customization(文本定制)Universal Login页面上按提示、按屏幕、按语言的文本覆盖
Custom Text Variables(自定义文本变量)客户定义的键(前缀为
var-
),在Custom Text API中使用,在模板和局部视图中以驼峰式引用
Custom Domain(自定义域名)页面模板的必填项;将你的域名映射到Auth0的登录页面
Universal Login vs Classic租户可为每个流程(登录/注册、密码重置、MFA)选择其中一种体验。主题、模板和无代码编辑器仅适用于运行Universal Login的流程

Prerequisites

前提条件

These apply to any capability that writes to the tenant. "Check my setup" is read-only and can be run first to verify these are in place.
这些适用于任何对租户执行写入操作的功能。"检查我的配置"是只读操作,可先运行以验证这些条件是否满足。

CLI Tenant Context (if using the
auth0
CLI)

CLI租户上下文(如果使用
auth0
CLI)

The Auth0 CLI is authenticated to one tenant at a time. All
auth0 ...
commands run against whichever tenant the CLI is currently logged into:
bash
auth0 tenants list       # shows all tenants; the active one is marked with →
auth0 tenants use <name> # switch active tenant; prompts for browser login if not already authenticated
Before any write operation in any capability, run
auth0 tenants list
, show the active tenant to the user, and get explicit confirmation to proceed.
If it's the wrong tenant, stop. Tell the user to run
auth0 tenants use <name>
(or
auth0 login
if the target isn't in the list) themselves and re-invoke the skill. Do not try to switch tenants on the user's behalf.
For non-interactive or multi-tenant automation, skip the CLI and call the Management API directly with an explicit domain + bearer token per call. See
references/examples.md
.
Auth0 CLI一次仅认证一个租户。所有
auth0 ...
命令针对CLI当前登录的租户运行:
bash
auth0 tenants list       # 显示所有租户;活跃租户标记为→
auth0 tenants use <name> # 切换活跃租户;如果未认证,会提示浏览器登录
**在任何功能执行写入操作前,运行
auth0 tenants list
,向用户展示活跃租户并获得明确的继续确认。**如果租户错误,停止操作。告知用户自行运行
auth0 tenants use <name>
(如果目标租户不在列表中则运行
auth0 login
),然后重新调用本技能。不要尝试替用户切换租户。
对于非交互式或多租户自动化场景,跳过CLI,直接调用Management API,每次调用使用明确的域名+Bearer令牌。参见
references/examples.md

Universal Login Active for the Flows You Want to Brand

目标流程已启用Universal Login

Themes and templates only apply to flows actually running in Universal Login. Tenants can run in hybrid mode where some flows are Classic. Run Capability 5 ("Check my setup") to diagnose which flows will and won't be affected. See
references/capability-check.md
for the Classic-toggle mechanics.
主题和模板仅适用于实际运行Universal Login的流程。租户可能处于混合模式,部分流程使用Classic版本。运行功能5("检查我的配置")可诊断哪些流程会受影响。参见
references/capability-check.md
了解Classic切换机制。

Custom Domain (only if working with page templates)

自定义域名(仅在处理页面模板时需要)

Page templates require a custom domain on the tenant. Branding settings, theme, and text customization do not. If the task involves page templates and no custom domain is configured, use the
auth0-custom-domains
skill to set one up.
页面模板要求租户配置自定义域名。品牌设置、主题和文本定制不需要。如果任务涉及页面模板但未配置自定义域名,使用
auth0-custom-domains
技能进行设置。

Capability 1: Brand my tenant

功能1:品牌化我的租户

End-to-end branding from a website URL, inline brand values, or a short ask — fills primary color, logo, font, and page background, shows one proposal, and applies the theme.
See
references/capability-brand.md
.
通过网站URL、内联品牌值或简短请求进行端到端品牌设置——填充主色调、Logo、字体和页面背景,展示一个方案并应用主题。
参见
references/capability-brand.md

Capability 2: Change specific settings

功能2:修改特定设置

Manual branding update driven by the user's natural-language intent — the skill resolves the phrase to specific fields, stages changes, and applies as a batch.
See
references/capability-manual.md
.
由用户自然语言意图驱动的手动品牌更新——技能将语句解析为特定字段,暂存变更并批量应用。
参见
references/capability-manual.md

Capability 3: Match my brand voice

功能3:匹配我的品牌语气

Rewrite Universal Login text to match a source the user provides (website, sample copy, or voice descriptor); doesn't touch colors, layout, or logo.
See
references/capability-voice.md
. See
references/screens.md
for the category → prompts → screens map.
根据用户提供的来源(网站、示例文案或语气描述)重写Universal Login文本;不涉及颜色、布局或Logo。
参见
references/capability-voice.md
。参见
references/screens.md
了解分类→提示→屏幕映射。

Capability 4: Rollback to Auth0 defaults

功能4:回滚到Auth0默认设置

Clear one or more branding surfaces and restore Auth0's defaults, per-surface. Destructive; always confirms before writing.
See
references/capability-rollback.md
.
清除一个或多个品牌设置区域并恢复Auth0默认值,按区域操作。属于破坏性操作;执行写入前始终确认。
参见
references/capability-rollback.md

Capability 5: Check my setup

功能5:检查我的配置

Read-only diagnosis. Answers "will theme changes actually show up on the flows I care about?" Safe to run first when diagnosing "why doesn't my theme show up?"
See
references/capability-check.md
.
只读诊断。回答"主题变更是否会在我关心的流程上生效?"当诊断"为什么我的主题不显示?"时,可安全地先运行此功能。
参见
references/capability-check.md

Common Mistakes

常见错误

MistakeWhat to Do Instead
Creating additional themes via
POST /branding/themes
(Universal Login only renders the default theme; POSTed themes exist but never apply)
Always update the default theme:
GET /branding/themes/default
, then PATCH by its
themeId
Sending a partial PATCH on a theme (PATCH requires all top-level sections)GET the theme, apply your changes, then PATCH with the full object
Theme or page template changes do not appear on login/reset/MFA (a tenant-wide toggle is forcing that flow into Classic)Run "Check my setup". Fix the offending tenant toggle:
universal_login_experience: classic
(login/signup),
change_password.enabled: true
(reset), or
guardian_mfa_page.enabled: true
(MFA)
Missing
auth0:head
or
auth0:widget
in templates (both are required; the page will not render without them)
Always include both; refuse the PUT otherwise
Using PUT for custom text without merging (PUT replaces all text for that prompt/language)GET current text first, merge, then PUT the full object
For the extended list (theme field requirements, Brandfetch ToS, homepage-only extraction gaps, CSS class names, CLI tenant context), see
references/api.md
.
错误正确做法
通过
POST /branding/themes
创建额外主题(Universal Login仅渲染默认主题;POST创建的主题存在但永远不会生效)
始终更新默认主题:
GET /branding/themes/default
,然后通过其
themeId
进行PATCH
对主题发送部分PATCH请求(PATCH需要所有顶级字段)先GET主题,应用变更,然后发送完整对象进行PATCH
主题或页面模板变更未在登录/重置/MFA流程上显示(租户全局切换强制该流程使用Classic版本)运行"检查我的配置"。修复有问题的租户切换设置:
universal_login_experience: classic
(登录/注册)、
change_password.enabled: true
(重置)或
guardian_mfa_page.enabled: true
(MFA)
模板中缺少
auth0:head
auth0:widget
(两者都是必填项;缺少则页面无法渲染)
始终包含两者;否则拒绝PUT请求
使用PUT操作自定义文本而未合并(PUT会替换该提示/语言的所有文本)先GET当前文本,合并后再发送完整对象进行PUT
扩展错误列表(主题字段要求、Brandfetch服务条款、仅首页提取的局限性、CSS类名、CLI租户上下文)参见
references/api.md

References

参考资料

In-skill (progressive disclosure):
  • references/capability-brand.md
    : "Brand my tenant" flow; extraction pipeline, source priority, Apply step
  • references/capability-manual.md
    : "Change specific settings" flow; intent mapping, per-surface write mechanics, Apply/Guardrails
  • references/capability-voice.md
    : "Match my brand voice" flow; source prompt, category checklist, opt-in detection, locale handling, generate-and-apply
  • references/capability-rollback.md
    : "Rollback to Auth0 defaults" flow; scope pre-check, surface selection, backup, execute
  • references/capability-check.md
    : "Check my setup" flow; Classic-toggle background, checks, output format
  • references/screens.md
    : category → prompts → screens map for "Match my brand voice" (starting point; Auth0 adds new screens over time)
  • references/api.md
    : Management API endpoints, theme/branding schema, CLI commands, error codes
  • references/examples.md
    : cURL code samples plus CI/CD deployment and tenant migration patterns
  • references/advanced.md
    : Page template creation with Liquid syntax, template variables, text customization details
Related skills:
  • auth0-custom-domains: Configure custom domains (required for page templates)
  • auth0-organizations: Organization-specific branding for B2B multi-tenancy
  • auth0-actions: Custom logic in login flows via Auth0 Actions
  • acul-screen-generator: Advanced Customizations for Universal Login (ACUL) — build fully custom screens beyond what theme + template can do
External:
技能内参考(渐进式披露):
  • references/capability-brand.md
    :"品牌化我的租户"流程;提取流水线、来源优先级、应用步骤
  • references/capability-manual.md
    :"修改特定设置"流程;意图映射、按区域写入机制、应用/防护措施
  • references/capability-voice.md
    :"匹配我的品牌语气"流程;来源提示、分类清单、可选检测、区域设置处理、生成与应用
  • references/capability-rollback.md
    :"回滚到Auth0默认设置"流程;权限预检查、区域选择、备份、执行
  • references/capability-check.md
    :"检查我的配置"流程;Classic切换背景、检查内容、输出格式
  • references/screens.md
    :"匹配我的品牌语气"的分类→提示→屏幕映射(起点;Auth0会不断添加新屏幕)
  • references/api.md
    :Management API端点、主题/品牌架构、CLI命令、错误代码
  • references/examples.md
    :cURL代码示例以及CI/CD部署和租户迁移模式
  • references/advanced.md
    :使用Liquid语法创建页面模板、模板变量、文本定制细节
相关技能:
  • auth0-custom-domains:配置自定义域名(页面模板必填)
  • auth0-organizations:面向B2B多租户的组织特定品牌设置
  • auth0-actions:通过Auth0 Actions在登录流程中添加自定义逻辑
  • acul-screen-generator:Universal Login高级定制(ACUL)——构建超出主题+模板能力的完整自定义屏幕
外部链接: