Setting up Auth0

Let's carry out the following steps to set up Auth0 as our identity provider:

  1. If you haven't already got an Auth0 account, sign up at https://auth0.com/signup.
  2. Once we have an Auth0 account and have logged in, we need to change the default audience in our tenant settings. To get to our tenant settings, click on the user avatar and choose Settings:

  3. The Default Audience option is in the API Authorization Settings section. Change this to https://qanda:

This tells Auth0 to add https://qanda to the aud payload field in the JWT it generates. This setting triggers Auth0 to generate access tokens in JWT format. Our ASP.NET Core backend will also check that access tokens contain this data before granting access to protected resources. 

  4. Next, we are going to tell Auth0 about our React frontend. On the left-hand navigation menu, click Applications and then click the Create Application button.
  5. Select the Single Page Web Applications application type and click the CREATE button:

Our SPA client configuration will then be created.

  6. We need to change a few settings in the SPA client configuration, so select the Settings tab and set the following settings:
    • The Name will appear on the login screen, so change it to QandA.
    • We need to specify the origin of the frontend in the Allowed Web Origins setting. So, let's set this to http://localhost:3000.
    • We need to specify the page Auth0 will redirect back to after a successful login in the Allowed Callback URLs setting. So, set this to http://localhost:3000/signin-callback. We will implement the signin-callback page in our frontend in Chapter 12, Interacting with RESTful APIs.
    • Similarly, we need to specify the page Auth0 will redirect back to after a successful logout in the Allowed Logout URLs setting. So, set this to http://localhost:3000/signout-callback. We will implement the signout-callback page in our frontend in Chapter 12, Interacting with RESTful APIs.
    • Don't forget to scroll to the bottom of the page and click the Save Changes button after entering these settings.
  7. We now need to tell Auth0 about our ASP.NET Core backend. On the left-hand navigation menu, click APIs and then click the Create API button:

The Name can be anything we choose, but the Identifier setting must match the default audience we set on the tenant. Make sure the Signing Algorithm is RS256 and then click the CREATE button.
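
The audience (https://qanda) and RS256 settings chosen above turn into checks that a protected API runs on every access token. The following Node.js sketch is an added example, not code from the book, showing those checks in one place; the key pair, the issuer URL and the signToken helper are constructed for the demonstration, whereas a real backend verifies against the tenant's published signing key and would normally rely on its framework's JWT middleware.

```javascript
const crypto = require("crypto");

const AUDIENCE = "https://qanda"; // the Default Audience / API Identifier set above
const ISSUER = "https://tenant.example/"; // placeholder issuer (assumption)
// Constructed key pair standing in for the tenant's RS256 signing key.
const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });

const b64url = (s) => Buffer.from(s).toString("base64url");

// Demo helper (hypothetical): mint a token as an identity provider would.
function signToken(claims, alg = "RS256") {
  const input = `${b64url(JSON.stringify({ alg, typ: "JWT" }))}.${b64url(JSON.stringify(claims))}`;
  const sig = alg === "RS256" ? crypto.sign("sha256", Buffer.from(input), privateKey) : Buffer.alloc(0);
  return `${input}.${sig.toString("base64url")}`;
}

// The checks a protected API applies before trusting an access token.
function validateAccessToken(token, now = Math.floor(Date.now() / 1000)) {
  const parts = token.split(".");
  if (parts.length !== 3) return { ok: false, reason: "malformed" };
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(parts[0], "base64url").toString());
    claims = JSON.parse(Buffer.from(parts[1], "base64url").toString());
  } catch {
    return { ok: false, reason: "malformed" };
  }
  // Pin the algorithm to the one configured for the API; never take it from the token.
  if (!header || header.alg !== "RS256") return { ok: false, reason: "alg" };
  const signed = Buffer.from(`${parts[0]}.${parts[1]}`);
  if (!crypto.verify("sha256", signed, publicKey, Buffer.from(parts[2], "base64url")))
    return { ok: false, reason: "signature" };
  if (!claims || claims.iss !== ISSUER) return { ok: false, reason: "iss" };
  // aud may be a single string or an array of strings.
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(AUDIENCE)) return { ok: false, reason: "aud" };
  if (typeof claims.exp !== "number" || claims.exp <= now) return { ok: false, reason: "exp" };
  return { ok: true, claims };
}

const demo = signToken({ iss: ISSUER, aud: AUDIENCE, exp: Math.floor(Date.now() / 1000) + 300 });
console.log(validateAccessToken(demo).ok);
```

A token issued for a different API identifier fails the aud check even though its signature is valid, which is why the Identifier on the API must match the tenant's default audience.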

That completes the setup of Auth0.
