Simplified Authentication for Choreo APIs: Integrating Auth0 as an Identity Provider
Choreo offers a seamless experience for managing APIs and services, with Asgardeo as its default key manager. By leveraging an external identity provider like Auth0, we can further streamline the process of authenticating users and APIs.
In this guide, we will explore the straightforward steps to integrate Auth0 as an identity provider for Choreo APIs with minimal configurations involved. Summarized steps would be as follows,
- Create an application in Auth0 portal.
- Add Auth0 application as a connection to Asgardeo.
- Create an application in Choreo developer portal.
- Add the created connection as a sign-in method in created application.
Prerequisites
- Should have a Choreo organization.
- Should have an Asgardeo organization.
- Should have an Auth0 account.
Create an application in the Auth0 portal
- Go to the ‘Applications’ tab in the Auth0 portal.
- Click on ‘Create Application’.
- For this we are going with the type ‘Regular web application’.
- This will create an application.
- Now, we need to add some information about our asgardeo organization as configurations
— Application Login URI ( https://api.asgardeo.io/t/<organization handle>/oauth2/authorize )
— Allowed Callback URLs (https://api.asgardeo.io/t/<organization handle>/commonauth)
— Allowed Web Origins ( Sample :- http://localhost:3000 )
Let’s construct our Auth0 domain name which is useful in future steps
- Domain format would be <auth0 tenant>.us.auth0.com, I will be identifying this as Auth0-domain from here on.
Add Auth0 application as a connection to Asgardeo
- Login to the Asgardeo portal
- Make sure the selected organization is the same as the intended Choreo organization.
- Now we can add the application we have created in the Auth0 portal as a connection to Asgardeo.
- Select ‘Connections’ from the menu.
- Click on ‘Create connections’.
- We can select the Standard-Based IDP from here.
- Chose OpenID Connect as the protocol and provide a name to identify this IdP.
- Client ID :- Client ID of Auth0 application
- Client Secret :- Client secret of Auth0 application
- Authorization endpoint URL :- https://<Auth0-domain>/authorize
- Token endpoint URL :- https://<Auth0-domain>/auth/token
- Now let’s add the JWKS endpoint (https://<Auth0-domain>/.well-known/jwks.json)
- Let’s copy the Authorization redirect URL from the freshly created connection’s settings page (https://api.asgardeo.io/t/<organization handle>/commonauth)
Create an application in Choreo developer portal
- Login to Choreo developer portal (https://devportal.choreo.dev/<organization handle>)
- Select ‘Applications’ from the home page
- Let’s create a new application which will be used to handle the authentication of our APIs.
- It will create an application as below.
- Click on ‘Sandbox’ from credentials list and press on ‘Generate Credentials’
- Now, let’s subscribe to the APIs we need to authenticate through this application
- Now click on ‘Manage permissions’ which will take you to the Asgardeo portal.
- Click on the ‘Protocol’ tab on the horizontal menu.
- Make sure to allow Code and Refresh token grant types
- Select the ‘Public Grant’ check box.
- Add your authorized redirect URLs to the ‘Authorized redirect URLs’ field.
- Add your allowed origins to the ‘Allowed Origins’ field.
- Select the Mandatory check box under PKCE.
- Click the ‘Update’ button to save all the changes we have done.
Now let’s add the connection we add with Auth0 as a sign-in method to the application we created.
- Open the ‘Sign-in’ tab in the application
The default sign-in method is username & password which is selected above
- Now we can remove the username & password option and then press on ‘+ Add Authentication’ button
- Add the connection we added with Auth0 application
We have successfully added the created Auth0 application as an IDP to our application which will be used to authenticate Choreo APIs.
Now you can use the tokens obtained when login to your web application to invoke the subscribed Choreo APIs.
