Authentication
Creating an Auth0 Tenant and Application
To set up authentication for your application using Auth0, follow these steps to create a new tenant and configure your application settings.
- Navigate to the Auth0 dashboard and create a new tenant or reuse an existing one.
- Create an Application of type "Regular Web Application". You can use any friendly name you like for this application.
Configuring Application Settings
On the "Settings" tab, configure the following settings:
- Set the "Allowed Callback URLs" to
https://localhost:7000/callback
. - Set the "Allowed Logout URLs" to
https://localhost:7000
. - Set the "Allowed Web Origins" to
https://localhost:7000
.
Creating an API
To create an API in Auth0, follow these steps:
Creating a New API
- Create a new API with any friendly name you like.
- On the "Settings" tab, choose an identifier carefully, as this cannot be changed later. A common choice is
https://api.myapplication.com
, replacing "myapplication" with your own domain.
Authorizing the Application
- Navigate to the "Machine to Machine Applications" tab and authorize the application you created earlier.
- This authorization allows your application's access tokens to include access to this API.
Adding Internal IDs to Tokens
To add internal IDs to your tokens, follow these steps:
Creating a Custom Action
- Go to Auth0's "Library" and create a new action by clicking "Create Action" > "Build from Scratch".
- Name the action something you'll remember, such as "Add Custom Claims", with a "Login / Post Login" trigger.
Adding Internal IDs to Tokens
- Paste the following code into the
onExecutePostLogin
method:
js
if (event.authorization) {
var userId = event.user.app_metadata["internal_user_id"] ?? "";
api.idToken.setCustomClaim("user_id" ?? "";
}
Authentication Topics
- Go to the Auth0 dashboard
- Create a new tenant or reuse an existing one
- Create an Application of type "Regular Web Application"
- You can use whatever friendly name you want
- On the "Settings" tab:
- Set the "Allowed Callback URLs" to
https://localhost:7000/callback
- Set the "Allowed Logout URLs" to
https://localhost:7000
- Set the "Allowed Web Origins" to
https://localhost:7000
- Set the "Allowed Callback URLs" to
- On the "Credentials" tab:
- Set "Application Authentication" to "Client Secret (Post)"
- Copy the following variables to the
.env
file:Domain
Client ID
Client Secret
- Create an API
- You can use whatever friendly name you want
- On the "Settings" tab:
- Choose an identifier carefully, as you will not be able to change it in the future
- I usually go with
https://api.myapplication.com
, replacing "myapplication" with your own domain - Copy the identifier to the
.env
file intoAPIAUDIENCE
- I usually go with
- Choose an identifier carefully, as you will not be able to change it in the future
- On the "Machine to Machine Applications" tab:
- Authorize the application you created before
- This authorization means you allowing your application's access tokens to include access to this api
- Synchronize the internal IDs
- Allow access to the Auth0 Management API
- In the APIs list, select "Auth0 Management API"
- Go to the "Machine to Machine Applications"
- Authorize the application you created before
- Expand the application dropdown
- Enable the following permissions
read:users
update:users
read:users_app_metadata
update:users_app_metadata
delete:users_app_metadata
create:users_app_metadata
- Press Update
- Enable the following permissions
- In the APIs list, select "Auth0 Management API"
- Add internal IDs to the tokens
- Go to "Library" and "Create Action" > "Build from Scratch"
- Name it something you remember, like "Add Custom Claims", with a "Login / Post Login" trigger
- Paste the code bellow inside the
onExecutePostLogin
method- The application will add the internal user GUID to the Auth0 app metadata when you first login, and here we're adding it to both id and access tokens.
- Click "Deploy"
- Select "Flows" and "Login"
- Drag the newly created custom action between "Start" and "Complete"
- Go to "Library" and "Create Action" > "Build from Scratch"
- Allow access to the Auth0 Management API
js
if (event.authorization) {
var user_id = event.user.app_metadata["internal_user_id"] ?? "00000000-0000-0000-0000-000000000000";
api.idToken.setCustomClaim(`user_id`, user_id);
api.accessToken.setCustomClaim(`user_id`, user_id);
}