Set up a new Auth0 OpenID Provider
Auth0 is a cloud-based identity management solution. This tutorial will show you how to use Auth0 as an OpenID Provider when offering credentials using the OIDC bridge.
We'll cover the basics of OpenID Provider configuration, show how Auth0 exposes the underlying user profile store, and demonstrate how data from that store can be added to the ID token.
This comprises several steps:
Step 1: Create a new Application.
Step 2: Set up Connections and create a User.
Step 3: Add a new Action to add user metadata to the ID Token.
Step 1: Create a new Application
1. Sign up with Auth0 or log in if you already have an account.
2. Skip the Auth0 onboarding tutorials and go straight to your dashboard.
3. Select Create Application.
4. Name your application.
5. Select Regular Web Applications.
6. Select Create. Your application is created and you will be redirected to the Quickstart tab under the Applications section.
7. Open the Settings tab.
8. Record your application Domain, Client ID and Client Secret.
9. Add a simple Description.
10. Scroll down to Allowed Callback URLs under Application URLs and enter https://example.com/callback. We will use this URL later for manual testing, and update it later when we set up an OIDC Issuer. All other fields can be left at their default values.
11. Browse to https://<your-auth0-domain>.auth0.com/.well-known/openid-configuration to make sure your OpenID Configuration is discoverable and check that the following values exist (other options may sit alongside):

```json
{
  "authorization_endpoint": "https://your-auth-endpoint/authorize",
  "token_endpoint": "https://your-token-endpoint/token",
  "jwks_uri": "https://your-jwks-endpoint/jwks.json",
  "response_types_supported": ["code"],
  "grant_types_supported": ["authorization_code"]
}
```

12. Select the Connections tab.
13. Enable Username-Password-Authentication under Database.
14. Disable everything under Social.
Step 2: Create a User
This is where Auth0 is used to store and hold user information, including PII. Before you add any details about users, make sure you understand Auth0's policies around storing this information.
1. Select User Management from the left hand side navigation panel.
2. Select Users.
3. Select Create User.
4. Add an email address that is different to the Admin account used to sign up with Auth0.
5. Add a password.
6. Select Username-Password-Authentication from the Connection dropdown list.
7. Select Create. You will be taken to the new user details screen.
8. You may choose to update the default Name field from the user email to something more meaningful.
9. Scroll down to user_metadata under Metadata.
10. Add claims about the user that you want to be appended to the ID token. In this tutorial we will use:

```json
{
  "educationalCredentialAwarded": "Master in Advanced Computer Science"
}
```
Step 3: Add a new Action to add user metadata to the ID Token
1. Select Actions from the left hand side navigation panel.
2. Select Library.
3. Select Build Custom.
4. Enter a meaningful Name for the new action, for example Map custom claims.
5. Select Login / Post Login from the Trigger dropdown list.
6. Select the recommended Node version from the Runtime dropdown list.
7. Select Create.
8. Use the setCustomClaim method to map each user_metadata attribute to an ID token claim. For our educationalCredentialAwarded the mapping is as follows:
```javascript
exports.onExecutePostLogin = async (event, api) => {
  // Auth0 requires custom claims to be namespaced; use your tenant URL here.
  const namespace = 'YOUR_TENANT_URL';
  // user_metadata may be absent for a user it was never set on; skip the claim
  // rather than throw and fail the login.
  const awarded = event.user.user_metadata?.educationalCredentialAwarded;
  if (awarded) {
    api.idToken.setCustomClaim(`${namespace}/educationalCredentialAwarded`, awarded);
  }
};
```

Auth0 requires custom claims to be namespaced, so you need to provide a unique namespace. Good practice is to use the full domain of your MATTR VII tenant.
9. Select Deploy.
10. Navigate to Flows under Actions in the left hand side navigation panel.
11. Select Login.
12. Select Custom under Add Action on the right hand side panel.
13. Locate your new action in the list and drag it so that it is positioned between Start and Complete on the flow diagram.
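Before the manual test, it is worth checking the two pieces of configuration above by hand. The following is an added example (not code from the original page, nor from Auth0 or MATTR VII): it validates a discovery document for the values listed in step 11 of Step 1, and reads the namespaced claim that the Action maps out of an ID token payload. It assumes Node 16 or later for Buffer's base64url support; the discovery document, namespace and token are constructed placeholders.

```javascript
// Added example: discovery-document check and namespaced-claim lookup.
// The JWT decode does NOT verify the signature; keys at jwks_uri are for that.
// Endpoints the tutorial says must be present in the discovery document.
const REQUIRED_ENDPOINTS = ['authorization_endpoint', 'token_endpoint', 'jwks_uri'];
// Returns a list of problems; an empty list means the document passes.
function checkDiscovery(doc) {
  const problems = [];
  for (const key of REQUIRED_ENDPOINTS) {
    if (typeof doc[key] !== 'string' || !doc[key].startsWith('https://')) {
      problems.push(`${key} missing or not an https URL`);
    }
  }
  const has = (list, v) => Array.isArray(list) && list.includes(v);
  if (!has(doc.response_types_supported, 'code')) {
    problems.push('response_types_supported must include "code"');
  }
  if (!has(doc.grant_types_supported, 'authorization_code')) {
    problems.push('grant_types_supported must include "authorization_code"');
  }
  return problems;
}
// Decodes the payload of a compact JWT (header.payload.signature); no verification.
function decodeJwtPayload(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}
// Reads "<namespace>/<name>", the claim shape produced by setCustomClaim above.
function namespacedClaim(jwt, namespace, name) {
  return decodeJwtPayload(jwt)[`${namespace}/${name}`];
}
// Constructed sample discovery document with placeholder hosts (assumption).
const sampleDiscovery = {
  authorization_endpoint: 'https://your-tenant.example/authorize',
  token_endpoint: 'https://your-tenant.example/token',
  jwks_uri: 'https://your-tenant.example/jwks.json',
  response_types_supported: ['code'],
  grant_types_supported: ['authorization_code'],
};
// Constructed, unsigned sample ID token; the namespace is a placeholder.
const NAMESPACE = 'https://your-tenant.example';
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const sampleIdToken = [
  b64url({ alg: 'RS256', typ: 'JWT' }),
  b64url({ sub: 'auth0|sample', [`${NAMESPACE}/educationalCredentialAwarded`]: 'Master in Advanced Computer Science' }),
  'signature-placeholder',
].join('.');
```

Replace sampleDiscovery with the JSON fetched from your tenant's .well-known/openid-configuration and sampleIdToken with a token obtained through the manual test to check a real deployment.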
What's Next?
You can now perform a manual test to verify that you have properly configured Auth0 as an OpenID Provider.