Skip to content

Authentication

Creating an Auth0 Tenant and Application

To set up authentication for your application using Auth0, follow these steps to create a new tenant and configure your application settings.

  • Navigate to the Auth0 dashboard and create a new tenant or reuse an existing one.
  • Create an Application of type "Regular Web Application". You can use any friendly name you like for this application.

Configuring Application Settings

On the "Settings" tab, configure the following settings:

  • Set the "Allowed Callback URLs" to https://localhost:7000/callback.
  • Set the "Allowed Logout URLs" to https://localhost:7000.
  • Set the "Allowed Web Origins" to https://localhost:7000.

Creating an API

To create an API in Auth0, follow these steps:

Creating a New API

  1. Create a new API with any friendly name you like.
  2. On the "Settings" tab, choose an identifier carefully, as this cannot be changed later. A common choice is https://api.myapplication.com, replacing "myapplication" with your own domain.

Authorizing the Application

  1. Navigate to the "Machine to Machine Applications" tab and authorize the application you created earlier.
  2. This authorization allows your application's access tokens to include access to this API.

Adding Internal IDs to Tokens

To add internal IDs to your tokens, follow these steps:

Creating a Custom Action

  1. Go to Auth0's "Library" and create a new action by clicking "Create Action" > "Build from Scratch".
  2. Name the action something you'll remember, such as "Add Custom Claims", with a "Login / Post Login" trigger.

Adding Internal IDs to Tokens

  1. Paste the following code into the onExecutePostLogin method:
js
if (event.authorization) {
  var userId = event.user.app_metadata["internal_user_id"] ?? "";
  api.idToken.setCustomClaim("user_id" ?? "";
  }

Authentication Topics

  • Go to the Auth0 dashboard
  • Create a new tenant or reuse an existing one
  • Create an Application of type "Regular Web Application"
    • You can use whatever friendly name you want
    • On the "Settings" tab:
      • Set the "Allowed Callback URLs" to https://localhost:7000/callback
      • Set the "Allowed Logout URLs" to https://localhost:7000
      • Set the "Allowed Web Origins" to https://localhost:7000
    • On the "Credentials" tab:
      • Set "Application Authentication" to "Client Secret (Post)"
    • Copy the following variables to the .env file:
      • Domain
      • Client ID
      • Client Secret
  • Create an API
    • You can use whatever friendly name you want
    • On the "Settings" tab:
      • Choose an identifier carefully, as you will not be able to change it in the future
        • I usually go with https://api.myapplication.com, replacing "myapplication" with your own domain
        • Copy the identifier to the .env file into APIAUDIENCE
    • On the "Machine to Machine Applications" tab:
      • Authorize the application you created before
      • This authorization means you allowing your application's access tokens to include access to this api
  • Synchronize the internal IDs
    • Allow access to the Auth0 Management API
      • In the APIs list, select "Auth0 Management API"
        • Go to the "Machine to Machine Applications"
        • Authorize the application you created before
        • Expand the application dropdown
          • Enable the following permissions
            • read:users
            • update:users
            • read:users_app_metadata
            • update:users_app_metadata
            • delete:users_app_metadata
            • create:users_app_metadata
          • Press Update
    • Add internal IDs to the tokens
      • Go to "Library" and "Create Action" > "Build from Scratch"
        • Name it something you remember, like "Add Custom Claims", with a "Login / Post Login" trigger
        • Paste the code bellow inside the onExecutePostLogin method
          • The application will add the internal user GUID to the Auth0 app metadata when you first login, and here we're adding it to both id and access tokens.
        • Click "Deploy"
        • Select "Flows" and "Login"
          • Drag the newly created custom action between "Start" and "Complete"
js
if (event.authorization) {
    var user_id = event.user.app_metadata["internal_user_id"] ?? "00000000-0000-0000-0000-000000000000";
    api.idToken.setCustomClaim(`user_id`, user_id);
    api.accessToken.setCustomClaim(`user_id`, user_id);
}