Authenticating an AWS AppSync GraphQL API with Auth0
In this tutorial, we’ll walk through how to implement OIDC authentication for your AWS AppSync endpoint using Auth0 as the authentication provider.
AWS AppSync offers multiple ways to authorize users, covering both general user authorization & fine-grained access control. The service supports a built-in OIDC provider in Amazon Cognito User Pools and also lets you bring your own auth provider, as long as it is OIDC-compliant.
OpenID Connect is a popular standard for single sign-on & identity provision that uses JSON-based identity tokens delivered via OAuth 2.0 flows to handle identity management. If you’d like to learn more about OIDC, this is a really great write-up you can check out.
In this tutorial, we’ll look at how to use Auth0 as the OIDC authentication provider for your AWS AppSync API.
To view the corresponding GitHub repo for this project, click here.
Creating Auth0 API
The first thing we need to do is create a new Auth0 API in our Auth0 account. To do so, go into the Auth0 dashboard, click on APIs, & click the Create API button.
Next, give the API a name & identifier, leaving the signing algorithm set to RS256.
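What the identifier and the RS256 setting mean for whoever consumes the token, as an added Node.js example that is not part of the original tutorial or its repo: the identifier becomes the token's `aud` claim, and a verifier pins the algorithm to RS256 rather than trusting the token header. The issuer URL, the identifier value and the locally generated key pair (standing in for the tenant's signing key) are constructed assumptions.

```javascript
// Added example; issuer, identifier and keys are constructed placeholders.
const nodeCrypto = require("node:crypto");

const ISSUER = "https://example-tenant.auth0.com/"; // assumed Auth0 tenant domain
const API_IDENTIFIER = "https://appsync-demo-api";   // assumed API identifier
const b64url = (v) => Buffer.from(v).toString("base64url");

// Test helper: mints a token locally. In a real setup Auth0 signs the token.
function mintToken(header, claims, privateKey) {
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  const sig = header.alg === "RS256"
    ? nodeCrypto.sign("sha256", Buffer.from(input), privateKey).toString("base64url")
    : ""; // unsigned token, used below to show the alg check
  return `${input}.${sig}`;
}

// Returns the claims if every check passes, otherwise throws with the reason.
function verifyToken(token, publicKey, now = Math.floor(Date.now() / 1000)) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, "base64url").toString("utf8"));
  // Pin the algorithm configured on the API; the token must not choose it.
  if (header.alg !== "RS256") throw new Error("unexpected alg");
  const ok = nodeCrypto.verify("sha256", Buffer.from(`${h}.${p}`), publicKey,
    Buffer.from(s, "base64url"));
  if (!ok) throw new Error("bad signature");
  const claims = JSON.parse(Buffer.from(p, "base64url").toString("utf8"));
  if (claims.iss !== ISSUER) throw new Error("wrong issuer");
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(API_IDENTIFIER)) throw new Error("wrong audience");
  if (typeof claims.exp !== "number" || claims.exp <= now) throw new Error("expired");
  return claims;
}

// Returns null when the token is accepted, or the rejection reason as a string.
function rejectionReason(token, publicKey) {
  try { verifyToken(token, publicKey); return null; } catch (e) { return e.message; }
}

const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const exp = Math.floor(Date.now() / 1000) + 300;
const good = mintToken({ alg: "RS256", typ: "JWT" }, { iss: ISSUER, aud: API_IDENTIFIER, exp }, privateKey);
console.log("valid token:", rejectionReason(good, publicKey) ?? "accepted");
```
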