# Auth0

Configure Auth0 when you need hosted identity, JWKS-backed verification, and callback flows at the gateway.

**Last reviewed:** 2026-03-06

## When to use this

Use this approach when you want a config-first Cloudflare Worker gateway behavior that is already implemented in the repository and covered by tests or canonical examples.

## What this does not do

* It does not add unsupported product features such as rate limiting, caching, API keys, analytics, or OpenAPI generation.
* It does not replace upstream application logic that still belongs in your services.
* It does not remove the need to validate environment variables, bindings, and route intent before deploy.

## Repo-grounded example

```json
{
  "authorizer": {
    "type": "auth0",
    "domain": "$env.AUTH0_DOMAIN",
    "client_id": "$env.AUTH0_CLIENT_ID",
    "client_secret": "$secrets.AUTH0_CLIENT_SECRET",
    "redirect_uri": "https://api.example.com/api/v1/auth0/callback",
    "callback_uri": "https://app.example.com/auth/callback",
    "jwks_uri": "https://tenant.us.auth0.com/.well-known/jwks.json",
    "scope": "openid profile email"
  },
  "paths": [
    {
      "method": "GET",
      "path": "/api/v1/auth0/callback",
      "integration": { "type": "auth0_callback" }
    }
  ]
}
```

This example is grounded in the current implementation shape: JSON config, path-based routing, optional auth, request mapping, and Worker-native integrations.

## Troubleshooting

* Confirm the route path and HTTP method match what the worker receives.
* Confirm the config source is the one you expect: local file, KV, or `SAG_API_CONFIG_JSON`.
* Confirm required bindings and environment variables are present before debugging downstream logic.
* Run the existing tests in the main gateway repo when a config change appears correct but runtime behavior disagrees.

## Related docs

* [auth0](https://docs.serverlessapigateway.com/configuration/auth0)
* [authorizer](https://docs.serverlessapigateway.com/configuration/authorizer)
* [gateway troubleshooting matrix](https://docs.serverlessapigateway.com/troubleshooting/wrangler-deploy-guide/gateway-troubleshooting-matrix)