Set up a new Auth0 OpenID Provider

Auth0 is a cloud-based identity management solution. This tutorial will show you how to use Auth0 as an OpenID Provider when offering credentials using the OIDC bridge.

We'll cover the basics of OpenID Provider configuration, show how Auth0 exposes the underlying user profile store, and demonstrate how user data can be added to the ID token.

This comprises several steps:

  • Step 1: Create a new Application.

  • Step 2: Set up Connections and create a User.

  • Step 3: Add a new Action to add user metadata to the ID Token.

Step 1: Create a new Application

  1. Sign up with Auth0 or login if you already have an account.

  2. Skip the Auth0 onboarding tutorials and go straight to your dashboard.

  3. Select Create Application.


  4. Name your application.

  5. Select Regular Web Applications.

  6. Select Create.

    Your application is created and you will be redirected to the Quickstart tab under the Applications section.

  7. Open the Settings tab.


  8. Record your application Domain, Client ID and Client Secret.

  9. Add a simple Description.

  10. Scroll down to Allowed Callback URLs under Application URLs and enter https://example.com/callback. We will use this URL later for manual testing, and update it when we set up an OIDC Issuer.

    All other fields can be left at their default values.

  11. Browse to https://<your-auth0-domain>.auth0.com/.well-known/openid-configuration to make sure your OpenID Configuration is discoverable, and check that the following values exist (other options may sit alongside them):

```json
{
  "authorization_endpoint": "https://your-auth-endpoint/authorize",
  "token_endpoint": "https://your-token-endpoint/token",
  "jwks_uri": "https://your-jwks-endpoint/jwks.json",
  "response_types_supported": ["code"],
  "grant_types_supported": ["authorization_code"]
}
```

  12. Select the Connections tab.

  13. Enable Username-Password-Authentication under Database.

  14. Disable everything under Social.
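The discovery check in step 11 can be scripted rather than eyeballed. The following is an added example, not code from the MATTR VII or Auth0 documentation: it validates a discovery document for the properties an authorization-code flow relies on (the required keys, an issuer that matches your tenant, HTTPS endpoints, and support for the `code` response type and `authorization_code` grant). The `checkTenant` helper fetches the live document and assumes Node.js 18 or later for the global `fetch`; the sample document and the `example-tenant` domain are constructed for illustration.

```javascript
// Added example: validate an OpenID Provider discovery document offline.
// Assumes Node.js 18+ for the global fetch() used in checkTenant().

const REQUIRED_KEYS = [
  'issuer',
  'authorization_endpoint',
  'token_endpoint',
  'jwks_uri',
  'response_types_supported',
  'grant_types_supported',
];

// Returns a list of problems; an empty list means the document is usable
// for an authorization-code flow against this provider.
function checkDiscoveryDocument(doc, expectedIssuer) {
  const problems = [];
  for (const key of REQUIRED_KEYS) {
    if (!(key in doc)) problems.push(`missing ${key}`);
  }
  if (problems.length) return problems;

  // The issuer must be the tenant you configured, and every endpoint must be
  // HTTPS, otherwise tokens could be requested from or verified against the
  // wrong host.
  if (doc.issuer !== expectedIssuer) {
    problems.push(`issuer ${doc.issuer} does not match ${expectedIssuer}`);
  }
  for (const key of ['authorization_endpoint', 'token_endpoint', 'jwks_uri']) {
    if (!doc[key].startsWith('https://')) problems.push(`${key} is not https`);
  }
  if (!doc.response_types_supported.includes('code')) {
    problems.push('response_type "code" not supported');
  }
  if (!doc.grant_types_supported.includes('authorization_code')) {
    problems.push('grant_type "authorization_code" not supported');
  }
  return problems;
}

// Fetch and check the live document for a tenant domain such as
// "your-tenant.auth0.com". Network call; not exercised by the offline sample.
async function checkTenant(domain) {
  const issuer = `https://${domain}/`;
  const res = await fetch(`${issuer}.well-known/openid-configuration`);
  if (!res.ok) throw new Error(`discovery returned HTTP ${res.status}`);
  return checkDiscoveryDocument(await res.json(), issuer);
}

// Constructed sample shaped like an Auth0 discovery document (not real output).
const SAMPLE_DOC = {
  issuer: 'https://example-tenant.auth0.com/',
  authorization_endpoint: 'https://example-tenant.auth0.com/authorize',
  token_endpoint: 'https://example-tenant.auth0.com/oauth/token',
  jwks_uri: 'https://example-tenant.auth0.com/.well-known/jwks.json',
  response_types_supported: ['code', 'token', 'id_token'],
  grant_types_supported: ['authorization_code', 'implicit', 'refresh_token'],
};

// Usage against the sample: an empty array means every check passed.
console.log(checkDiscoveryDocument(SAMPLE_DOC, 'https://example-tenant.auth0.com/'));
```

Run `checkTenant('your-tenant.auth0.com')` against a real tenant to get the same list of problems for the live document; comparing the issuer against the domain you recorded in step 8 catches a tenant typo before it turns into tokens verified against the wrong JWKS.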

Step 2: Create a User

This is where Auth0 is used to store user information, including PII. Before you add any details about users, make sure you understand Auth0's policies around storing this information.

  1. Select User Management from the left hand side navigation panel.

  2. Select Users.

  3. Select Create User.

  4. Add an email address that is different from the Admin account used to sign up with Auth0.

  5. Add a password.

  6. Select Username-Password-Authentication from the Connection dropdown list.

  7. Select Create.

    You will be taken to the new user details screen.

  8. You may choose to update the default Name field from the user email to something more meaningful.

  9. Scroll down to user_metadata under Metadata.

  10. Add claims about the user that you want to be appended to the ID token. In this tutorial we will use:

```json
{
  "educationalCredentialAwarded": "Master in Advanced Computer Science"
}
```

Step 3: Add a new Action to add user metadata to the ID Token

  1. Select Actions from the left hand side navigation panel.

  2. Select Library.

  3. Select Build Custom.

  4. Enter a meaningful Name for the new action, for example Map custom claims.

  5. Select Login / Post Login from the Trigger dropdown list.

  6. Select the recommended Node.js version from the Runtime dropdown list.

  7. Select Create.

  8. Use the setCustomClaim method to map each user_metadata attribute to an ID token claim. For our educationalCredentialAwarded the mapping is as follows:

```javascript
exports.onExecutePostLogin = async (event, api) => {
  // Custom claims must be namespaced; replace this with your own namespace.
  const namespace = 'YOUR_TENANT_URL';
  // Copy the user_metadata attribute into the ID token under the namespaced claim name.
  api.idToken.setCustomClaim(
    `${namespace}/educationalCredentialAwarded`,
    event.user.user_metadata.educationalCredentialAwarded
  );
};
```

Auth0 enforces a namespace for custom claims, so you need to provide a unique one. Good practice is to use the full domain of your MATTR VII tenant.

  9. Select Deploy.

  10. Navigate to Flows under Actions in the left hand side navigation panel.

  11. Select Login.

  12. Select Custom under Add Action on the right hand side panel.

  13. Locate your new action in the list and drag it so that it is positioned between Start and Complete on the flow diagram.
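The Action in step 8 maps one attribute by hand. The block below is an added example, not code from the tutorial or from Auth0: it generalises the same Post Login Action to an allow-list of user_metadata attributes, so that only the attributes you intend to issue as claims reach the ID token and a user with no user_metadata at all logs in without the Action throwing. The `fakeApi` and `runAction` helpers are a constructed stand-in for Auth0's `event`/`api` objects so the handler can be exercised offline; the namespace `https://example-tenant.vii.mattr.global` and the second attribute `educationalInstitution` are assumed placeholders.

```javascript
// Added example: allow-listed, namespaced mapping of user_metadata to ID token
// claims, plus a constructed stand-in for Auth0's event/api for offline testing.

// Assumed namespace; use the full domain of your own MATTR VII tenant.
const NAMESPACE = 'https://example-tenant.vii.mattr.global';

// Only these attributes leave user_metadata; anything else stored there
// (internal notes, flags) stays out of the token.
const CLAIM_ALLOWLIST = ['educationalCredentialAwarded', 'educationalInstitution'];

// Build { "<namespace>/<attr>": value } for every allow-listed attribute that
// is present. Missing or empty user_metadata yields {} instead of throwing.
function mapUserMetadataClaims(namespace, userMetadata, allowlist) {
  const claims = {};
  const metadata = userMetadata || {};
  for (const attr of allowlist) {
    if (metadata[attr] !== undefined && metadata[attr] !== null) {
      claims[`${namespace}/${attr}`] = metadata[attr];
    }
  }
  return claims;
}

// Same signature as the tutorial's Action: Auth0 calls it with (event, api).
const onExecutePostLogin = async (event, api) => {
  const claims = mapUserMetadataClaims(NAMESPACE, event.user.user_metadata, CLAIM_ALLOWLIST);
  for (const [name, value] of Object.entries(claims)) {
    api.idToken.setCustomClaim(name, value);
  }
};

// In the Auth0 Action editor the handler is exported under this name.
if (typeof exports !== 'undefined') exports.onExecutePostLogin = onExecutePostLogin;

// Constructed stand-in for Auth0's api object: records claims instead of
// writing them into a real ID token.
function fakeApi() {
  const idToken = {};
  return {
    idToken: { setCustomClaim: (name, value) => { idToken[name] = value; } },
    claims: () => idToken,
  };
}

// Run the handler against a constructed login event and return the claims it
// set. The handler contains no await, so its effects on api are complete by
// the time the call returns and the returned promise can be ignored here.
function runAction(userMetadata) {
  const api = fakeApi();
  onExecutePostLogin({ user: { user_metadata: userMetadata } }, api);
  return api.claims();
}

// Usage: the tutorial's sample user_metadata alongside an attribute that must not be issued.
console.log(runAction({
  educationalCredentialAwarded: 'Master in Advanced Computer Science',
  internalNote: 'not for the token',
}));
```

Keeping the allow-list in the Action rather than mapping every user_metadata key means a later addition to the profile store does not silently become a claim in every ID token the OIDC bridge consumes.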

What's Next?

You can now perform a manual test to verify that you have properly configured Auth0 as an OpenID Provider.