Licensed to be used in conjunction with basebox, only.
Setting up Auth0 for basebox
See also our Authorization Guide.
About Auth0
Auth0 is a commercial OpenID Connect authentication provider that is officially supported by basebox. They have a free plan that you can use to get started.
You can also use Keycloak, but this is a bit more involved because you have to host it yourself or run it in a Docker container.
Auth0 API Setup Steps
- After registering at Auth0, you need to set up your basebox backend as an API in Auth0. This can be easily done by going to Applications -> API in the left-hand side menu.
- Once you are on the API page, click +Create API. Provide the Name and Identifier for the API; Auth0 then takes you to the page for your new API. The Identifier that you use will be needed for the Client ID field in the broker and dbproxy configuration files (see the configuration section here).
- Once you've created your new API, click on the Settings page and scroll down to RBAC Settings. You need to turn on both Enable RBAC and Add Permissions in the Access Token, as these will be required for Operation Level Security later on.
Permissions tab
Note the Permissions tab: when you create an operation in your schema file, you need to create an entry here for each of those operations in order to have access to them (more on this in Operation Level Security).
Auth0 Application Setup Steps
Once the API is created, you have to create a so-called application to be used with your basebox project.
- Log into your Auth0 account
- If not already done, create a new Tenant, i.e. an authorization domain. A tenant in Auth0 terms is region-specific and can "host" multiple applications. You cannot create an application without a tenant.
- In the left menu, click Applications -> Applications; you should see a list of existing applications (if there are any). Click +Create Application in the top right corner
- Pick a name and select the most appropriate application type; in this example, we select Single Page Web Application
- You will now be taken to the Quickstart tab that helps you in configuring/programming your client to authenticate at Auth0; we skip that for now. Instead, click the Settings tab.
Auth0 Application Settings
The settings tab contains important data that you need to configure your client application to be able to log your users in as well as data that is needed by basebox to validate authentication tokens.
Client Side Implementation
It is beyond the scope of this guide to explain how to implement OpenID Connect based authentication in your client, and we cannot cover all client technologies out there.
Make a note of the Domain field under Settings; it will be used in the broker and dbproxy configuration files (for the iss field under the [auth] section).
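To confirm that the API Identifier, the Domain and the RBAC switches described above actually show up in the access tokens Auth0 issues, you can inspect a token's claims. The following is an added example, not code from basebox or Auth0: the function names, the tenant domain, the API identifier and the permission names are constructed placeholders, and it relies on Auth0 putting the API Identifier in the aud claim, using https://<Domain>/ as iss and listing permissions in a permissions claim. It only decodes the payload for diagnosis and does not verify the signature.

```python
import base64
import json
import time

def b64url(obj) -> str:
    """Encode a dict as an unpadded base64url JSON segment (sample data only)."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def make_sample_token(claims: dict) -> str:
    """Build a constructed token with a dummy signature for the demo below."""
    return ".".join([b64url({"alg": "RS256", "typ": "JWT"}), b64url(claims), "c2ln"])

def check_access_token(token, domain, api_identifier, required, now=None):
    """Return a list of claim problems; an empty list means the claims look right.

    Diagnostic only: the signature is NOT verified, so never use this to authorize.
    """
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a three-part JWT"]
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    problems = []
    expected_iss = f"https://{domain}/"  # Auth0 issuers end with a slash
    if claims.get("iss") != expected_iss:
        problems.append(f"iss {claims.get('iss')!r} != {expected_iss!r}")
    aud = claims.get("aud", [])
    aud = [aud] if isinstance(aud, str) else aud  # aud may be a string or a list
    if api_identifier not in aud:
        problems.append(f"API identifier not in aud {aud!r}")
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        problems.append("token expired")
    if "permissions" not in claims:
        problems.append("no permissions claim (RBAC settings not enabled?)")
    else:
        missing = sorted(set(required) - set(claims["permissions"]))
        if missing:
            problems.append(f"missing permissions: {missing}")
    return problems

# Constructed sample values; none come from a real tenant.
DOMAIN = "example-tenant.eu.auth0.com"
API_ID = "https://basebox.example/api"
SAMPLE = {"iss": f"https://{DOMAIN}/", "aud": [API_ID, f"https://{DOMAIN}/userinfo"],
          "exp": 2000000000, "permissions": ["getUser"]}

if __name__ == "__main__":
    print(check_access_token(make_sample_token(SAMPLE), DOMAIN, API_ID, ["getUser", "createUser"]))
```

A "no permissions claim" result points back at the two RBAC switches on the API's Settings page; a "missing permissions" result points at the Permissions tab or at the permissions assigned to the user.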
"Authorization server not configured with default connection."
If you receive an "Authorization server not configured with default connection." error when trying to get an access token, one solution to fix this is to go to Settings in the left-hand side menu and scroll down the General tab to Default Directory. You can then set this value to Username-Password-Authentication.