Auth0 setting up an rest API authentication flow
Auth0 is access management service with roles management which allows users to be authenticated using username or password or form third Identity providers like Google, Twitter, etc. Auth0 will also protect API endpoints using JWT(JSON web token).
Creating an API access flow with Auth0 rest API.
- Create a default application(Readily available when signed up for Auth0)
- Add an API with endpoint details, the endpoint is referred to as an Identifier and also as an audience when making API calls.
- After adding the API navigate to the Machine to Machine option and enable authorize default app.
- Then navigate to Applications>Default App(or your app name)>Settings>Advance settings.
- In the advanced settings section click on GrantTypes tab and enable the password grant type.
- Lastly choose the general settings which are also referred to as tenant settings there you fill find API 7. authorization settings once
- in their find default directory and add text/string “Username-Password-Authentication” without quotes and save it.
Ufff now we have setup most of the things we need. Now let’s say we have API endpoint built with NodeJS(this is what I Know) and we would like to use Auth0 with this API and protect certain routes which can only be accessed when authenticated.
Node application is available at the below github repoistory url. Github repo url
This sample application has all the basic setup needed to help you understand how to setup Auth0 based API route access/protection.
This sample project uses Auth0’s rest api to authenticate users. Why rest API? since in this use case we are creating an api endpoint which we want our users to access with rest api the users can pass username and password to get access tokens which will allow users to consume protected content by the api.
This is an roughly written article on setting up auth0 with an rest API based authentication flow, the intent of me writing this article is to help other users who might have a similar use case and help them skip through the confusions we had while setting up rest API based authentication flow on Auth0.
Note: You will find the API endpoints in
Applications>DefaultApp(or your app name)>Advanced Settings>Endpoints