Auth0

This document outlines the configuration settings for integrating Auth0 with a Serverless API Gateway.

Configuration Parameters

{
    "authorizer": {
        "type": "auth0",
        "domain": "your-auth0-domain.auth0.com",
        "client_id": "your-client-id",
        "client_secret": "your-client-secret",
        "redirect_uri": "https://your-api-url/api/v1/auth0/callback",
        "jwks": "{JSON Escaped JWKS}",
        "jwks_uri": "https://your-auth0-domain.auth0.com/.well-known/jwks.json",
        "scope": "openid profile email"
    }
}

Parameters Explained

  • type: Specifies the type of authorizer being used. In this case, it is set to "auth0".

  • domain: The Auth0 domain associated with your account. Replace your-auth0-domain with your actual Auth0 domain.

  • client_id: The unique identifier for your Auth0 application. Replace your-client-id with your actual client ID.

  • client_secret: The secret key associated with your Auth0 application. Replace your-client-secret with your actual client secret.

  • redirect_uri: The URI to which Auth0 will redirect users after authentication. Replace https://your-api-url/api/v1/auth0/callback with your actual callback URL.

  • jwks: A JSON Web Key Set (JWKS) containing the public keys used to verify the JWT signatures, supplied as a JSON-escaped string. Replace the values in the n, kid, x5t, and x5c fields with your actual key values. Either jwks or jwks_uri is required.

  • jwks_uri: The URI to retrieve the JWKS from Auth0. Replace your-auth0-domain with your actual Auth0 domain. Either jwks or jwks_uri is required.

  • scope: The permissions being requested from the user. Common scopes include openid, profile, and email.
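The check that the jwks and jwks_uri parameters exist to support is signature verification of the tokens Auth0 issues. The following is an added example, not code from the original page or from the gateway project: a Go program using only the standard library that selects the key named by the token's kid from a JWKS, verifies the RS256 signature, and only then compares iss, aud and exp. The key, JWKS and token are constructed inside NewFixture so the example runs offline; the type and function names are this example's own. The issuer string follows Auth0's convention of https://<domain>/ with a trailing slash, and aud is assumed to be a single string (Auth0 can also emit it as an array, which this example rejects rather than parses).

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// JWK is the subset of an RSA JSON Web Key needed for RS256; encoding/json maps kty/kid/n/e to these fields case-insensitively.
type JWK struct{ Kty, Kid, N, E string }

// JWKS is the document fetched from jwks_uri, or embedded JSON-escaped in the "jwks" parameter.
type JWKS struct{ Keys []JWK }

// Claims are the registered claims checked before the token is trusted.
type Claims struct {
	Iss string `json:"iss"`
	Aud string `json:"aud"`
	Exp int64  `json:"exp"`
}

var enc = base64.RawURLEncoding

// keyByKid selects the JWK named by the token header and rebuilds its RSA public key from "n" and "e".
func keyByKid(jwks JWKS, kid string) (*rsa.PublicKey, error) {
	for _, k := range jwks.Keys {
		if k.Kid != kid || k.Kty != "RSA" {
			continue
		}
		n, errN := enc.DecodeString(k.N)
		e, errE := enc.DecodeString(k.E)
		if errN != nil || errE != nil {
			return nil, fmt.Errorf("kid %q: malformed n or e", kid)
		}
		return &rsa.PublicKey{N: new(big.Int).SetBytes(n), E: int(new(big.Int).SetBytes(e).Int64())}, nil
	}
	return nil, fmt.Errorf("no RSA key with kid %q in JWKS", kid)
}

// VerifyRS256 validates a compact JWT against the JWKS: alg is pinned to RS256 rather than trusted from the header, the key is chosen by kid, the signature is checked, then iss/aud/exp.
func VerifyRS256(token string, jwks JWKS, issuer, audience string, now time.Time) (*Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("malformed token")
	}
	seg := make([][]byte, 3) // decoded header, payload, signature
	for i, p := range parts {
		b, err := enc.DecodeString(p)
		if err != nil {
			return nil, fmt.Errorf("segment %d: %w", i, err)
		}
		seg[i] = b
	}
	var hdr struct{ Alg, Kid string }
	if err := json.Unmarshal(seg[0], &hdr); err != nil || hdr.Alg != "RS256" {
		return nil, fmt.Errorf("rejected header %s", seg[0])
	}
	pub, err := keyByKid(jwks, hdr.Kid)
	if err != nil {
		return nil, err
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], seg[2]); err != nil {
		return nil, fmt.Errorf("signature does not verify")
	}
	var c Claims
	if err := json.Unmarshal(seg[1], &c); err != nil {
		return nil, err
	}
	if c.Iss != issuer || c.Aud != audience {
		return nil, fmt.Errorf("iss=%q aud=%q not accepted", c.Iss, c.Aud)
	}
	if !now.Before(time.Unix(c.Exp, 0)) {
		return nil, fmt.Errorf("token expired")
	}
	return &c, nil
}

// NewFixture generates a throwaway RSA key, publishes it as a one-key JWKS and signs a token with it: constructed test data standing in for Auth0's JWKS and ID token, not real Auth0 output.
func NewFixture() (JWKS, string, Claims, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return JWKS{}, "", Claims{}, err
	}
	claims := Claims{Iss: "https://your-auth0-domain.auth0.com/", Aud: "your-client-id", Exp: 1700003600}
	hdr, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT", "kid": "constructed-kid"})
	body, _ := json.Marshal(claims)
	input := enc.EncodeToString(hdr) + "." + enc.EncodeToString(body)
	digest := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	jwk := JWK{Kty: "RSA", Kid: "constructed-kid", N: enc.EncodeToString(priv.N.Bytes()), E: enc.EncodeToString(big.NewInt(int64(priv.E)).Bytes())}
	return JWKS{Keys: []JWK{jwk}}, input + "." + enc.EncodeToString(sig), claims, err
}
```

In a deployment the JWKS comes from jwks_uri and is cached; a token whose kid is not in the cache is the usual trigger for a refresh, bounded by a rate limit so an attacker cannot force unbounded fetches. The order of checks matters: the algorithm is fixed by configuration, the signature is verified before any claim is read, and iss/aud are compared against the configured domain and client_id so a valid token minted for another application or tenant is refused.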

Important Notes

  • Ensure that sensitive information such as client_secret is stored securely and not exposed in public repositories or logs.

  • Update the placeholders in the configuration with your actual Auth0 account details before deployment.

  • Test the configuration in a safe environment before moving to production.

Path Configurations

This section outlines the path configuration for handling callbacks from Auth0. The callback endpoint is essential for processing the authentication response after a user logs in.

Callback Handler

{
    "method": "GET",
    "path": "/api/v1/auth0/callback",
    "integration": {
        "type": "auth0_callback"
    }
}

This integration handles the callback from Auth0: it receives the authorization code, exchanges it for access and ID tokens, and returns them to the client.

Login Redirect

{
    "method": "GET",
    "path": "/api/v1/auth0/callback-redirect",
    "integration": {
        "type": "auth0_callback_redirect"
    },
    "auth": false
}

This integration redirects the user to the Auth0 login page (/authorize), allowing users to authenticate via Auth0. It initiates the login process using the Auth0 configuration above.

User Info

{
    "method": "GET",
    "path": "/api/v1/auth0/profile",
    "integration": {
        "type": "auth0_userinfo"
    },
    "auth": true
}

This integration retrieves user information from Auth0 using the /userinfo endpoint. It allows applications to access user profile data after successful authentication.
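The Login Redirect and Callback Handler paths above are the two browser-facing halves of one authorization-code exchange. The following is an added example in Go, not the gateway project's own code: building the /authorize redirect from the authorizer configuration, validating the request that arrives at the callback path, and assembling the form the handler posts to /oauth/token. The names AuthConfig, NewState, AuthorizeURL, ParseCallback and TokenExchangeForm are this example's own. The state parameter and the /oauth/token endpoint are standard OAuth 2.0 features that Auth0 implements but the page does not mention; the network calls themselves (the POST to /oauth/token and the GET to /userinfo) are left out so the example runs offline.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
	"net/url"
)

// AuthConfig carries the fields of the page's "authorizer" block that the
// login redirect and callback paths use.
type AuthConfig struct {
	Domain, ClientID, ClientSecret, RedirectURI, Scope string
}

// NewState returns a random, URL-safe value that binds a login redirect to the
// callback that follows it. The gateway keeps it server-side (session or cookie)
// and compares it when the callback arrives.
func NewState() (string, error) {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(b), nil
}

// AuthorizeURL builds the Auth0 /authorize redirect that the callback-redirect
// path sends the browser to.
func AuthorizeURL(cfg AuthConfig, state string) string {
	q := url.Values{}
	q.Set("response_type", "code")
	q.Set("client_id", cfg.ClientID)
	q.Set("redirect_uri", cfg.RedirectURI)
	q.Set("scope", cfg.Scope)
	q.Set("state", state)
	return "https://" + cfg.Domain + "/authorize?" + q.Encode()
}

// ParseCallback validates the request Auth0 redirects to the callback path: it
// must target the configured redirect_uri, echo the stored state, and carry an
// authorization code. It returns the code for the token exchange.
func ParseCallback(cfg AuthConfig, rawURL, expectedState string) (string, error) {
	u, err := url.Parse(rawURL)
	if err != nil {
		return "", err
	}
	want, err := url.Parse(cfg.RedirectURI)
	if err != nil {
		return "", err
	}
	if u.Scheme != want.Scheme || u.Host != want.Host || u.Path != want.Path {
		return "", fmt.Errorf("callback %s does not match configured redirect_uri", u.Redacted())
	}
	q := u.Query()
	if e := q.Get("error"); e != "" {
		return "", fmt.Errorf("auth0 reported %q: %s", e, q.Get("error_description"))
	}
	// Constant-time compare; an empty expected state means no redirect was issued.
	if expectedState == "" || subtle.ConstantTimeCompare([]byte(q.Get("state")), []byte(expectedState)) != 1 {
		return "", fmt.Errorf("state mismatch: callback is not bound to a login this gateway started")
	}
	code := q.Get("code")
	if code == "" {
		return "", fmt.Errorf("callback carried no authorization code")
	}
	return code, nil
}

// TokenExchangeForm is the form body the callback handler POSTs to
// https://<domain>/oauth/token to swap the code for access and ID tokens.
// client_secret is used only here, server-side; it never reaches the browser.
func TokenExchangeForm(cfg AuthConfig, code string) url.Values {
	return url.Values{
		"grant_type":    {"authorization_code"},
		"client_id":     {cfg.ClientID},
		"client_secret": {cfg.ClientSecret},
		"code":          {code},
		"redirect_uri":  {cfg.RedirectURI},
	}
}

func main() {
	// Placeholder values taken from the page's configuration block.
	cfg := AuthConfig{Domain: "your-auth0-domain.auth0.com", ClientID: "your-client-id", ClientSecret: "your-client-secret", RedirectURI: "https://your-api-url/api/v1/auth0/callback", Scope: "openid profile email"}
	state, _ := NewState()
	fmt.Println(AuthorizeURL(cfg, state))
}
```

The redirect_uri sent in the /authorize request and the one sent in the token exchange must be identical, which is why both are read from the same configuration field. The state check is what makes the callback path safe to expose with "auth": false: without it, a callback carrying someone else's code could be completed in the victim's browser session.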
