JWT Signer Examples - Auth0

This is a specific example of how to add an Auth0 JWT Signer.

 

Auth0 is an identity platform for development teams which provides developers and enterprises with the building blocks they need to secure their applications.  If you don't already have an account you can sign up for a free account at https://auth0.com/signup

 

Adding a new Application in Auth0

Once you have an account set up, add a new "Application":

Then click on "Create Application":

Then create a "Single Page Web Application":

Adding the callback & logout URL to your BrowZer App(s) you created

All BrowZer Apps have the following template:

https://<APP_NAME>.<NET_NAME>.browzer.cloudziti.io

where:

  • APP_NAME is the name you assign to the BrowZer app you create.
  • NET_NAME is the name you assign the first time you click on "BrowZer Apps".

In Auth0, under Application > Settings you'll find "Allowed Callback URLs" and "Allowed Logout URLs".

You can add one callback URL that covers every app created under the same NET_NAME (in this case, NET_NAME=natashell); use the same pattern for the logout URL. The URL needs to be in this format:

 https://*.<NET_NAME>.browzer.cloudziti.io

For example, with NET_NAME=demo:

 https://*.demo.browzer.cloudziti.io

Keep the wildcard scoped to your own NET_NAME subdomain as shown. A broader pattern would allow the authorization response to be redirected to hosts outside your network.

Adding a JWT Signer & Authentication Policy

 Create an API

Now you can add a new "API":

Click on "Create API":

Fill out the form. For the Identifier, use the URL of your BrowZer app. This value becomes the audience ("aud") that Auth0 puts in access tokens issued for the API, and it is what you'll enter as the Audience of the JWT Signer later:

https://<APP_NAME>.<NET_NAME>.browzer.cloudziti.io

 Create a custom Action for the post-login trigger

Under Actions select "Triggers":

Click on "post-login":

Click on the + symbol and select "Build from Scratch":

Name the new Action "Add Email to Access Token":

Remove the prefilled content and paste the following:

/**
 * Handler called during a PostLogin flow.
 *
 * @param {Event} event - Details about the user and the
 * context in which they are logging in.
 * @param {PostLoginAPI} api - Interface whose methods can be
 * used to change the behavior of the login.
 */
exports.onExecutePostLogin = async (event, api) => {
  // Only add the claim when Auth0 provides an authorization context
  // for this login.
  if (event.authorization) {
    // Put the user's email into the access token as a custom claim,
    // so the BrowZer JWT Signer can read it from the token.
    api.accessToken.setCustomClaim(`email`, event.user.email);
  }
};

then click on "Deploy":

Return to "post-login" and click on "Custom":

Click and drag your "Add Email to Access Token" Action onto the Trigger, drop it into place, then click "Apply" in the top right.

 

Gathering Information from Auth0

In order to set up the new JWT Signer we'll need some information from the Auth0 Application that was just created.

First, get the Client ID and Domain from the Application's Settings page.

The rest of the information is easier to get from the OpenID Configuration endpoint, which you can reach by using your Domain in the URL:

https://{Your Domain}/.well-known/openid-configuration

An example would be https://external-jwt.us.auth0.com/.well-known/openid-configuration

To view this information in a better format, we suggest using a browser extension like JSONView, or fetching the URL with curl and piping the output through jq.

 

Adding an Auth0 JWT Signer

You can access and manage the JWT Signers in the console by finding the icon on the left-hand navigation menu, and then clicking on the "JWT Signers" tab on the top navigation menu.

To add a new JWT Signer, click on the add symbol at the top right of the page.

The new JWT Signer dialog will open:

 

Fields coming from Auth0

!!! Please Note: Auth0 includes a trailing slash in the "iss" claim of the tokens it issues (for example https://external-jwt.us.auth0.com/), and the Issuer field is matched exactly, so the trailing slash is required. Copy the value verbatim from the OpenID Configuration endpoint.

Issuer: OpenID Configuration endpoint field "issuer"

Audience: The Identifier of the API created above

JWKS Endpoint: OpenID Configuration endpoint field "jwks_uri"

External Auth URL: OpenID Configuration endpoint field "authorization_endpoint"

 

Please refer to the JWT Signers article for more detail.

Once you have created the JWT Signer, it can be assigned to an Authentication Policy.
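As an added example (not part of this article and not code from the BrowZer console or Auth0), the following Python script maps an OpenID Configuration document onto the four JWT Signer fields, applies the checks above (trailing slash on the issuer, https endpoints on the issuer's host), and inspects the claims of an access token to confirm that "iss", "aud" and the "email" claim added by the Action match what you configured. The tenant domain external-jwt.us.auth0.com, the API identifier https://myapp.demo.browzer.cloudziti.io, the embedded discovery document and the sample token are all constructed for illustration; fetch_discovery is the only function that touches the network.

```python
import base64
import json
import urllib.request
from urllib.parse import urlparse

# Constructed sample of an Auth0 OpenID configuration document, trimmed to the
# fields this article uses. The tenant domain is hypothetical.
SAMPLE_DISCOVERY = {
    "issuer": "https://external-jwt.us.auth0.com/",
    "authorization_endpoint": "https://external-jwt.us.auth0.com/authorize",
    "jwks_uri": "https://external-jwt.us.auth0.com/.well-known/jwks.json",
}

# Identifier of the Auth0 API created above (hypothetical app and net names).
API_IDENTIFIER = "https://myapp.demo.browzer.cloudziti.io"


def discovery_url(domain):
    """Build the OpenID configuration URL for an Auth0 tenant Domain."""
    return "https://" + domain.strip("/") + "/.well-known/openid-configuration"


def fetch_discovery(domain):
    """Fetch the live configuration document (network access required)."""
    with urllib.request.urlopen(discovery_url(domain), timeout=10) as resp:
        return json.load(resp)


def signer_fields(discovery, api_identifier):
    """Map the discovery document onto the JWT Signer dialog fields and
    sanity-check the values before they are pasted into the console."""
    issuer = discovery["issuer"]
    jwks_uri = discovery["jwks_uri"]
    auth_url = discovery["authorization_endpoint"]
    # Auth0 puts the trailing slash in the tokens' iss claim; an Issuer
    # value without it will never match a real token.
    if not issuer.endswith("/"):
        raise ValueError("issuer must keep its trailing slash: " + issuer)
    issuer_host = urlparse(issuer).hostname
    for name, url in (("jwks_uri", jwks_uri), ("authorization_endpoint", auth_url)):
        parsed = urlparse(url)
        if parsed.scheme != "https" or parsed.hostname != issuer_host:
            raise ValueError(name + " must be an https URL on the issuer host")
    return {
        "issuer": issuer,
        "audience": api_identifier,
        "jwks_endpoint": jwks_uri,
        "external_auth_url": auth_url,
    }


def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def b64url_encode(obj):
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_sample_token(claims):
    """Build a constructed JWT with a dummy signature for local claim checks.
    A real signer rejects it, because the signature does not verify."""
    header = {"alg": "RS256", "typ": "JWT", "kid": "example-kid"}
    return b64url_encode(header) + "." + b64url_encode(claims) + ".not-a-signature"


def check_token_claims(token, fields):
    """Decode the payload WITHOUT verifying the signature and compare the
    claims the signer matches on with the configured fields. Signature
    verification against jwks_endpoint is the signer's job, not this script's."""
    header_b64, payload_b64, _sig = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    claims = json.loads(b64url_decode(payload_b64))
    problems = []
    if header.get("alg") != "RS256":
        problems.append("unexpected alg " + repr(header.get("alg")))
    if claims.get("iss") != fields["issuer"]:
        problems.append("iss %r does not equal configured issuer %r"
                        % (claims.get("iss"), fields["issuer"]))
    aud = claims.get("aud")
    aud = aud if isinstance(aud, list) else [aud]
    if fields["audience"] not in aud:
        problems.append("aud %r does not contain %r" % (aud, fields["audience"]))
    if not claims.get("email"):
        problems.append("email claim missing; is the Action deployed and attached to post-login?")
    return {"ok": not problems, "problems": problems}


if __name__ == "__main__":
    fields = signer_fields(SAMPLE_DISCOVERY, API_IDENTIFIER)
    for name, value in fields.items():
        print(name + ": " + value)
    token = make_sample_token({"iss": fields["issuer"], "aud": [API_IDENTIFIER],
                               "email": "alice@example.com"})
    print(check_token_claims(token, fields))
```

To check a real token, paste an access token obtained through the BrowZer login into check_token_claims with the fields returned by signer_fields(fetch_discovery("<your Domain>"), "<your API Identifier>"). Note that Auth0 only issues a JWT access token when the login request names the API Identifier as its audience; without an audience the access token is opaque and cannot be validated by a JWT Signer at all.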

 
