Integrating Auth0 with roles #5307
Sen-Gupta
asked this question in
Show and tell
Hi Everyone,
Recently, we ended up evaluating integrating Auth0 with roles in Oqtane.
Here are the learnings and gotchas one must be aware of to bleed less.
First you need to configure a Web Application in Auth0 as shown below.

Next, we will leverage the built-in support for External Providers in Oqtane.
Oqtane has support for OIDC and OAuth 2.0.
It has a built-in template for Auth0 integration and a couple of others.
Steps: Launch Admin Panel and Click on User Management.
and add roles in the roles claim mappings. (I did this just to stay safe; it is not required if you are returning roles as your claim name/type.)
The above settings should be good enough to trigger authentication.
Next: Pulling in roles
Auth0 does not return roles by default so you need to follow steps listed here:
Add Roles
We just need the method/action in Auth0. The second step, defining a flow, is now called a trigger.
After defining actions go to triggers and choose post login. You will see your custom Action here. Mine was named as Add Roles.
Your method may look like the one given below.
And now the gotchas:
The action method for Auth0 may look like the one shown below. Ensure you change the namespace to your own; any unique, valid URL that you own is good here.
```js
exports.onExecutePostLogin = async (event, api) => {
  // Namespace for the custom claim: a URL you own.
  const namespace = 'https://clinic-qa.foodinvites.com';
  if (event.authorization && event.authorization.roles) {
    // Emit the user's roles as a namespaced claim in both tokens.
    api.idToken.setCustomClaim(`${namespace}/roles`, event.authorization.roles);
    api.accessToken.setCustomClaim(`${namespace}/roles`, event.authorization.roles);
  }
};
```
@sbwalker, Auth0 does not support adding roles without a namespace. I have tried that combination, and the claim was not added without a namespace.
Waiting for you to take a decision so that the doc can be updated accordingly.
Look at #5308.
@sbwalker responded with "Enter whatever is being emitted by IDP".
In the role claim you should enter:
Whatever is your namespace and /roles
In the case above our namespace is https://clinic-qa.foodinvites.com
https://clinic-qa.foodinvites.com/roles
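An added example, not part of the original post and not Oqtane or Auth0 code: a local JavaScript check of which claim name a token actually carries, so the role claim mapping can be set to match what the IdP emits. The namespace `https://example.test`, the fake `api` object, the helper names and the role names are assumptions for illustration; the token is constructed and unsigned, and is decoded for inspection only.

```javascript
const NAMESPACE = 'https://example.test'; // constructed; use a URL you own

// Same logic as the post-login Action, written synchronously to run locally.
function addRolesAction(event, api) {
  if (event.authorization && event.authorization.roles) {
    api.idToken.setCustomClaim(`${NAMESPACE}/roles`, event.authorization.roles);
    api.accessToken.setCustomClaim(`${NAMESPACE}/roles`, event.authorization.roles);
  }
}

// Hypothetical stand-in for the Action `api` object: records the claims set.
function makeFakeApi() {
  const claims = { idToken: {}, accessToken: {} };
  const recorder = (bag) => ({ setCustomClaim: (name, value) => { bag[name] = value; } });
  return { claims, idToken: recorder(claims.idToken), accessToken: recorder(claims.accessToken) };
}

// Build a constructed, unsigned ID token carrying whatever the Action emitted.
function buildSampleIdToken(roles) {
  const api = makeFakeApi();
  addRolesAction({ authorization: { roles } }, api);
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
  const payload = { sub: 'auth0|constructed-user', ...api.claims.idToken };
  return [enc({ alg: 'none', typ: 'JWT' }), enc(payload), 'constructed-signature'].join('.');
}

// Decode a JWT payload for inspection only; this does not verify the signature.
function decodePayload(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// Look up roles under the configured claim name; on a miss, list claim names
// ending in "roles" so the mismatch with the mapping is visible.
function checkRoleClaim(payload, configuredClaim) {
  const value = payload[configuredClaim];
  if (Array.isArray(value)) return { ok: true, roles: value, candidates: [] };
  const candidates = Object.keys(payload).filter((k) => /(^|\/)roles$/i.test(k));
  return { ok: false, roles: [], candidates };
}

// Constructed role names; compare the bare mapping with the namespaced one.
const samplePayload = decodePayload(buildSampleIdToken(['Administrators', 'Registered Users']));
console.log(checkRoleClaim(samplePayload, 'roles'));
console.log(checkRoleClaim(samplePayload, `${NAMESPACE}/roles`));
```

To inspect a real ID token, pass it to `decodePayload` and run `checkRoleClaim` with the exact string entered as the role claim in the provider settings.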