Auth0
With Auth0 as your IdP, you will need to create an Application to handle authentication requests from Ambassador Edge Stack.
Navigate to Applications and select "CREATE APPLICATION".
In the pop-up window, give the application a name and create a "Machine to Machine App".
Select the Auth0 Management API. Grant any scopes you may require. (You may grant none.)
In your newly created application, click on the Settings tab, add the Domain and Callback URLs for your service and ensure the "Token Endpoint Authentication Method" is set to Post. The default YAML installation of Ambassador Edge Stack uses /.ambassador/oauth2/redirection-endpoint for the URL, so the values should be the domain name that points to Ambassador, e.g., example.com/.ambassador/oauth2/redirection-endpoint and example.com.
Click Advanced Settings > Grant Types and check "Authorization Code".
Configure Filter and FilterPolicy
Update the Auth0 Filter and FilterPolicy. You can get the clientID and secret from your application settings.
The audience is the API Audience of your Auth0 Management API.
The authorizationURL is your Auth0 tenant URL.
---
apiVersion: getambassador.io/v2
kind: Filter
metadata:
  name: auth0_filter
  namespace: default
spec:
  OAuth2:
    authorizationURL: https://datawire-ambassador.auth0.com
    clientURL: https://datawire-ambassador.com
    audience: https://datawire-ambassador.auth0.com/api/v2/
    clientID: fCRAI7svzesD6p8Pv22wezyYXNg80Ho8
    secret: CLIENT_SECRET
---
apiVersion: getambassador.io/v2
kind: FilterPolicy
metadata:
  name: httpbin-policy
  namespace: default
spec:
  rules:
    - host: "*"
      path: /httpbin/ip
      filters:
        - name: auth0_filter ## Enter the Filter name from above
          arguments:
            scopes:
            - "openid"
Note: By default, Auth0 requires the openid scope.
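A pre-apply consistency check for the Filter and FilterPolicy above, as an added example (not code from the Ambassador project). The two manifests are embedded as constructed Python dicts using the page's values; the function names and the assumption that the Management API audience is the tenant URL plus /api/v2/ are this example's own.

```python
from urllib.parse import urlsplit

# Default redirection path named on this page.
REDIRECT_PATH = "/.ambassador/oauth2/redirection-endpoint"

# Constructed sample: the page's Filter and FilterPolicy as Python dicts.
FILTER = {"metadata": {"name": "auth0_filter", "namespace": "default"},
          "spec": {"OAuth2": {
              "authorizationURL": "https://datawire-ambassador.auth0.com",
              "clientURL": "https://datawire-ambassador.com",
              "audience": "https://datawire-ambassador.auth0.com/api/v2/",
              "clientID": "fCRAI7svzesD6p8Pv22wezyYXNg80Ho8",
              "secret": "CLIENT_SECRET"}}}
POLICY = {"metadata": {"name": "httpbin-policy", "namespace": "default"},
          "spec": {"rules": [{"host": "*", "path": "/httpbin/ip",
                              "filters": [{"name": "auth0_filter",
                                           "arguments": {"scopes": ["openid"]}}]}]}}

def expected_auth0_settings(flt):
    """Values the Auth0 application must carry for this Filter to work."""
    o = flt["spec"]["OAuth2"]
    client = urlsplit(o["clientURL"])
    return {"callback_url": f"{client.scheme}://{client.netloc}{REDIRECT_PATH}",
            # Assumption: Management API audience is <tenant URL>/api/v2/
            "audience": o["authorizationURL"].rstrip("/") + "/api/v2/"}

def lint(flt, policy):
    """Return a list of problems found across the Filter and FilterPolicy."""
    o, problems = flt["spec"]["OAuth2"], []
    for key in ("authorizationURL", "clientURL"):
        if urlsplit(o[key]).scheme != "https":
            problems.append(f"{key} is not https: {o[key]}")
    if o["audience"] != expected_auth0_settings(flt)["audience"]:
        problems.append("audience is not the tenant's Management API identifier")
    for rule in policy["spec"]["rules"]:
        for ref in rule["filters"]:
            if ref["name"] != flt["metadata"]["name"]:
                problems.append(f"rule {rule['path']} references unknown filter {ref['name']}")
            elif "openid" not in ref.get("arguments", {}).get("scopes", []):
                problems.append(f"rule {rule['path']} does not request the openid scope")
    return problems

if __name__ == "__main__":
    print("Register in Auth0:", expected_auth0_settings(FILTER))
    print("Problems:", lint(FILTER, POLICY) or "none")
```

The callback URL it prints is the value to enter under the application's Callback URLs in Auth0; a mismatch there causes the redirect back to Ambassador to be rejected.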