This is a premium feature requiring custom configuration on your Auth0 account. You must have an active Auth0 account in order to configure this.
How it works
In this scenario, Auth0 is being used as the database source of truth for all authentication (consumer login) requests.
The Auth0 integration uses an OAuth API proxy, meaning any OAuth POST login requests generated against Zype's OAuth APIs will then be proxied to Auth0's APIs for authentication checks. Zype OAuth API requests must use email/password (grant_type=password) in order to pass full credentials over to Auth0.
If Auth0 authentication passes, Auth0 returns a JWT in response to the login API request. Zype decodes the JWT, uses it to generate an access token in Zype's database, and sends that access token back to the original API requester.
Configuration Instructions
Auth0 configuration:
- Set up your Auth0 account
- Confirm you have an API within your Auth0 account
- This can be the Auth0 management API
- Click your profile icon at the top right, then click Settings to navigate to Tenant Settings
- Change the "Default Audience" to your Auth0 API
- Change the "Default Directory" to Username-Password-Authentication
- Click Save
- Go to Applications and create a Machine to Machine app for Zype
- Take note of its Client ID and Client Secret as you'll need these for the Zype configuration
- Go to Rules and add a new rule that allows the email to be sent in the JWT when signing in:
- Create an Empty Rule
- Empty everything in the Script box in Auth0
- Copy the code block below
- Replace the API URL in the code block
- Replace the namespace with your website domain in the code block
function (user, context, callback) {
  // only add the claims for this specific API
  // you could add more checks/conditions if it makes sense
  // the URL below is your Auth0 API Identifier
  if (context.request.body && context.request.body.audience === 'https://your-api-url.auth0.com/api/v2/') {
    const namespace = 'https://yourdomain.com/claims/';
    context.accessToken[namespace + 'email'] = user.email;
    context.accessToken[namespace + 'roles'] = context.authorization.roles;
  }
  callback(null, user, context);
}
- Go to "APIs" and select the API created for Zype
- Go to "Machine to Machine Applications"
- Authorize the app
- Click the drop-down in the app's row so you can grant permissions to the app
- Zype needs the following permissions at minimum:
- read:users
- update:users
- create:users
- Click update when done
Zype configuration:
- In your Site Settings, you will see the SSO tab
- Select Auth0 from the dropdown menu and enter in your information
- Authentication URL: https://your-app-domain/oauth/token
- Client ID: Copy from Auth0 app
- Client Secret: Copy from Auth0 app
- Audience URL: API URL
- Claims Namespace URL: Match the namespace URL defined in the rule
- Grant type: password
- Scopes:
- Connection Name: Username-Password-Authentication
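Why the Audience URL and Claims Namespace URL have to match the rule exactly: the following added example (not Zype's or Auth0's code) shows the checks a service makes when it decodes the JWT and reads the namespaced claims. The key pair, token and user are constructed for the demo, and the issuer value and all function names are assumptions.

```javascript
const { generateKeyPairSync, createSign, createVerify } = require('crypto');
const b64u = (v) => Buffer.from(v).toString('base64url');
const parse = (seg) => JSON.parse(Buffer.from(seg, 'base64url').toString('utf8'));

// Verify an RS256 token and return the namespaced claims, or throw.
function readClaims(token, publicKey, { issuer, audience, namespace }) {
  const [h, p, s, ...rest] = token.split('.');
  if (!h || !p || !s || rest.length) throw new Error('malformed token');
  // Pin the algorithm instead of trusting the header (blocks alg=none and HS256 confusion).
  if (parse(h).alg !== 'RS256') throw new Error('unexpected alg');
  const sigOk = createVerify('RSA-SHA256').update(`${h}.${p}`)
    .verify(publicKey, Buffer.from(s, 'base64url'));
  if (!sigOk) throw new Error('bad signature');
  const c = parse(p);
  if (c.iss !== issuer) throw new Error('wrong issuer');
  if (![].concat(c.aud).includes(audience)) throw new Error('wrong audience');
  if (typeof c.exp !== 'number' || c.exp * 1000 <= Date.now()) throw new Error('expired');
  const email = c[namespace + 'email'];
  if (typeof email !== 'string') throw new Error('email claim missing');
  return { sub: c.sub, email, roles: c[namespace + 'roles'] || [] };
}

// Constructed fixture: a throwaway key pair stands in for the tenant's signing key.
const { publicKey, privateKey } = generateKeyPairSync('rsa', { modulusLength: 2048 });
function mint(claims) {
  const body = `${b64u(JSON.stringify({ alg: 'RS256', typ: 'JWT' }))}.${b64u(JSON.stringify(claims))}`;
  return `${body}.${createSign('RSA-SHA256').update(body).sign(privateKey).toString('base64url')}`;
}

// Placeholder values from this page; the issuer is an assumption.
const cfg = {
  issuer: 'https://your-app-domain/',
  audience: 'https://your-api-url.auth0.com/api/v2/',
  namespace: 'https://yourdomain.com/claims/',
};
const claims = {
  iss: cfg.issuer, aud: cfg.audience, sub: 'auth0|constructed-user',
  exp: Math.floor(Date.now() / 1000) + 300,
  [cfg.namespace + 'email']: 'viewer@example.com',
  [cfg.namespace + 'roles']: ['subscriber'],
};
const token = mint(claims);

// Return the email on success, or the rejection reason.
function outcome(tok, config = cfg) {
  try { return readClaims(tok, publicKey, config).email; } catch (e) { return e.message; }
}

console.log(outcome(token));
console.log(outcome(token, { ...cfg, namespace: 'https://yourdomain.com/' }));
```

A namespace that differs from the rule's by even a path segment makes the email claim invisible to the reader, which is the usual cause of a login that authenticates at Auth0 but still fails downstream.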