Learn

Setup an Auth0 Identity Provider

Prerequisites

Configure Auth0

Skip the Auth0 onboarding tutorials and go straight to your dashboard.

Create a new application

1. Name it something meaningful

We will be connecting to a 'regular web application'.

https://www.datocms-assets.com/38428/1621224379-auth0-create-app.webp?auto=format

2. Skip the 'Quick Start' and navigate to the 'Settings' tab.

Make note of the:

- Domain

- Client ID

- Client Secret

Edit these fields:

  • Add a simple description

  • In the 'Allowed Callback URLs' section add in https://example.com/callback. This will be used later during the manual testing.

All other fields can be left at their default values.

https://www.datocms-assets.com/38428/1621224547-auth0-app-settings.webp?auto=format

3. Make sure your OpenID Configuration is discoverable by browsing to https://<your-auth0-domain>.auth0.com/.well-known/openid-configuration and checking that the following values exist (other options may sit alongside):

json
Copy to clipboard.
1{
2    "authorization_endpoint": "https://your-auth-endpoint/authorize",
3    "token_endpoint": "https://your-token-endpoint/token",
4    "jwks_uri": "https://your-jwks-endpoint/jwks.json",
5    "response_types_supported": [
6        "code"
7    ],
8    "grant_types_supported": [
9        "authorization_code"
10    ],
11}

Setup a connection and add users

This is where Auth0 is used to store and hold user information, including PII. Before you add details about users, make sure you understand Auth0's policies around storing this information.

4. Navigate to the 'Connections' tab:

  • Leave Database and Username-Password-Authentication Enabled

  • Disable the Social login

5. Click Users under User Management on the left-hand side navigation panel.

  • Select Create User.

  • Provide an email address that is different to the Admin account used to sign up with Auth0.

  • Add a password.

  • Leave Connection as 'Username-Password-Authentication'.

  • Optional: you may want to update the default `Name` field from just being the email address to something more meaningful.

⚠️ Warning
Auth0 restricts the size of the ID Token to 100Kb. Ensure that the data you inject into your token is below this limit or credential issuance will fail. Also, it is not recommended to use authentication provider as a source of claims for the issuance of credentials, bur rather configure a claims source instead.

What's next?

You can now continue to configure your identity provider in MATTR VII.