This is a specific example of how to add an Auth0 JWT Signer.
Auth0 is an identity platform for development teams which provides developers and enterprises with the building blocks they need to secure their applications. If you don't already have an account you can sign up for a free account at https://auth0.com/signup
Adding a new Application in Auth0
Once you have an account set up, you can add a new "Application":
Then click on "Create Application":
Then Create a "Single Page Web Application":
Adding the callback & logout URLs for the BrowZer App(s) you created
All BrowZer Apps have the following template:
https://<APP_NAME>.<NET_NAME>.browzer.cloudziti.io
where:
- APP_NAME is the name we'll assign to the BrowZer app we'll create.
- NET_NAME is the name we'll assign the first time you click on "BrowZer Apps".
In Auth0, under the Application/Settings you'll find "Allowed Callback URLs" & "Allowed Logout URLs"
You can add a single callback URL that covers every app created under the same NET_NAME (in this walkthrough, NET_NAME=natashell). The URL needs to be in this format: https://*.<NET_NAME>.browzer.cloudziti.io
For example:
https://*.demo.browzer.cloudziti.io
Keep the wildcard in the subdomain position only, so the pattern matches nothing outside your own NET_NAME; an over-broad callback URL is what lets an attacker have an authorization code or token redirected to a host they control. Use the same pattern for "Allowed Logout URLs". For example:
Adding a JWT Signer & Authentication Policy
Create an API
Now you can add a new "API":
Click on Create API
Fill out the form, using the app URL as the API Identifier (this value becomes the aud claim of the access tokens Auth0 issues for the API):
https://<APP_NAME>.<NET_NAME>.browzer.cloudziti.io
Create a custom trigger
Under Actions select "Triggers":
Click on "post-login":
Click on the + symbol & select "Build from Scratch":
Name the new Action "Add Email to Access Token":
Remove the prefilled content & paste the following:
/**
* Handler called during a PostLogin flow.
*
* @param {Event} event - Details about the user and the
* context in which they are logging in.
* @param {PostLoginAPI} api - Interface whose methods can be
* used to change the behavior of the login.
*/
exports.onExecutePostLogin = async (event, api) => {
if (event.authorization) {
api.accessToken.setCustomClaim(`email`, event.user.email);
}
};
then click on "Deploy":
Return to "post-login" & click on "Custom"
Click and drag your Add Email to Access Token Action onto the Trigger, then drop it into place, then click Apply in the top right.
Gathering Information from Auth0
In order to set up the new JWT Signer, we'll need some information from the Auth0 Application that was just created.
First let's get the Client Id and Domain from the settings page:
The rest of the information is easier to get from the OpenID Configuration endpoint, which you can reach by using your Domain in the URL:
https://{ Your Domain }/.well-known/openid-configuration
An example would be https://external-jwt.us.auth0.com/.well-known/openid-configuration
To view this information in a more readable format, we suggest using a browser extension such as JSONView.
Adding an Auth0 JWT Signer
You can access & manage the JWT Signers in the console by finding the icon in the left-hand navigation menu:
and then clicking on the "JWT Signers" tab on the top navigation menu:
To add a new JWT Signer, click on the symbol at the top right of the page.
The new JWT Signer dialog will open:
Fields coming from Auth0
!!! Please Note: Auth0 requires the trailing slash on the issuer! The Issuer value is compared with the token's iss claim character for character, so "https://{ Your Domain }/" is correct and "https://{ Your Domain }" is not.
- Issuer: OpenID Configuration endpoint field "issuer"
- Audience: the Identifier of the API created above (Auth0 places this value in the access token's aud claim)
- JWKS Endpoint: OpenID Configuration endpoint field "jwks_uri"
- External Auth URL: OpenID Configuration endpoint field "authorization_endpoint"
Please refer to the JWT Signers page for more detail.
Once you have created the JWT Signer, it can be assigned to an Authentication Policy.