This service handles authentication and user management using Auth0 as the identity provider.
This service exposes different endpoints to handle authentication:
/userinfo endpoints. A /users/me endpoint is also exposed for backward compatibility, but its use is discouraged.
Moreover, it handles users through the Auth0 users Management API.
A Grant-Type property lets you define a method by which your application can obtain Access Tokens; for a more detailed explanation, see the official Auth0 documentation.
To set it up, you must first have a working tenant on Auth0, where your application has different database connections enabled (e.g. Username-Password-Authentication). Then, in the advanced settings of your application, you should enable Grant Types. You also have to add the necessary Rules; see Config Auth0.
In Tenant Settings, under API Authorization Settings, set a Default Audience and a Default Directory; the Default Directory is the name of the connection to be used for Password Grant exchanges.
After everything is set, you can check it by using the following curl:
Note that the connection is not required if you have only one connection.
Multiple connections are usually used to manage multiple environments, but you can still have one environment with multiple connections.
If all went well, you should get, without the scope website:
Using the scope website:
When the token expires, the refresh token can be used to get a new access token:
Note for the project configuration: the endpoint path depends on how the oauth0-client is exposed on the api-gateway; the path exposed by oauth0-client is
The response contains a new access token and new refresh token.
The following is an example of how to call an authenticated API using the token:
If you want to segregate users for each runtime environment, the simplest solution is to:
Create different databases, one for each environment you want: go to the Auth0 Management Dashboard and, from the Authentication section, create the new databases.
While still in the Auth0 Management Dashboard, allow the database (called connection) for each application (you might also define different applications for different environments; in this scenario you'd have to allow the proper connections for your applications).
In the Console Setup Infrastructure section of your project, add a variable for each environment (e.g. PROD_AUTH0_CONNECTION) and specify the proper database connection name for each environment.
In the Console auth0-client configuration for the managementClient in order to use the newly created interpolation variable (e.g.
Make sure that supportedConnections is declared for each client too, specifying only the connection you want to support in each environment.
Make sure that defaultConnection is declared for the cms client too, specifying only the connection you want to support in that environment.
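One way to check the outcome of the steps above before deploying, as an added example that is not part of the original documentation or the service's own code: a small audit of a rendered configuration. The JSON nesting (a top-level clients map beside managementClient), the {{NAME}} placeholder syntax and the connection names are assumptions; only the key names come from the page.

```python
import json

# Constructed sample. Assumed shape: a "clients" map next to "managementClient".
# Only the key names supportedConnections, defaultConnection, managementClient
# and cms are taken from the page; connection names are made up.
SAMPLE_CONFIG = json.loads("""
{
  "clients": {
    "cms":     {"supportedConnections": ["prod-users"], "defaultConnection": "prod-users"},
    "website": {"supportedConnections": ["prod-users", "dev-users"]},
    "mobile":  {}
  },
  "managementClient": {"supportedConnections": ["{{PROD_AUTH0_CONNECTION}}"]}
}
""")


def audit_connections(config, env_connection):
    """Return sorted findings; an empty list means every client is confined
    to env_connection, the database connection of this environment."""
    findings = []
    clients = config.get("clients", {})
    entries = dict(clients)
    if "managementClient" in config:
        entries["managementClient"] = config["managementClient"]
    for name, client in entries.items():
        supported = client.get("supportedConnections")
        if not supported:
            # The page asks for an explicit list on every client.
            findings.append(f"{name}: supportedConnections is not declared")
            continue
        for conn in supported:
            if conn.startswith("{{"):  # assumed placeholder syntax left unrendered
                findings.append(f"{name}: variable {conn} was not interpolated")
            elif conn != env_connection:
                findings.append(f"{name}: allows foreign connection {conn}")
        default = client.get("defaultConnection")
        if default is not None and default not in supported:
            findings.append(f"{name}: defaultConnection {default} is not supported")
    cms = clients.get("cms")
    if cms is not None and "defaultConnection" not in cms:
        findings.append("cms: defaultConnection is not declared")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_connections(SAMPLE_CONFIG, "prod-users"):
        print(finding)
```

Run it once per environment against that environment's rendered configuration; any finding means a client can still reach a database belonging to another environment or the variable was never substituted.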
For more information regarding the Auth0 Client advanced configuration, check out the configuration documentation page.