Auth0

APIs

  • Go to Applications > APIs and select Create API to create a custom API

  • In General Settings enter a Name like API flexAI or API flexAIcloud

  • In General Settings enter an Identifier like https://api-flexai or https://api-flexaicloud

  • In JSON Web Token (JWT) settings set the JWT Profile to Auth0

  • In JSON Web Token (JWT) settings set the JWT Signing Algorithm to RS256

  • In Access Policy for Applications set Within user access to Allow via client-grant

  • In Access Policy for Applications set Within client access to Allow via client-grant

  • In the created and opened API go to Applications Access and edit the corresponding application

    • Set for Client Access the Authorization to Authorized

    • Set for User Access the Authorization to Authorized

When the API is created, Auth0 automatically creates a matching application. Its name is the API name followed by (Test Application).

Application

  • Go to Applications > Applications, open the application that was automatically created with the API (API name followed by (Test Application)) and go to Settings

  • Change the Name to flexAI or flexAIcloud and, under Application Properties, change the Application Type to Regular Web Application

  • Save

  • Under Application URLs add the following:

    • Application Login URI: https://<FQDN or hostname>

    • Allowed Callback URLs: https://<FQDN or hostname>/oauth2/callback, https://<FQDN or hostname>/oauth2/signout

    • Allowed Logout URLs: https://<FQDN or hostname>/oauth2/signout

  • Open Advanced Settings > OAuth

  • Set JSON Web Token (JWT) Signature Algorithm to RS256

  • Activate OIDC Conformant

  • Open Advanced Settings > Grant Types and activate:

    • Authorization Code

    • Refresh Token

    • Client Credentials

  • Go to Credentials > Application Authentication and set to Client Secret (Post)

Action

  • Go to Actions > Library and select Create Action > Create Custom Action

  • Enter a name like OIDC adjustments, set the Trigger to Login / Post Login and select the recommended Node runtime

  • Enter the following code and select Deploy

exports.onExecutePostLogin = async (event, api) => {
  // Expose the login e-mail as preferred_username in the ID token
  if (event.authorization && event.user.email) {
    api.idToken.setCustomClaim('preferred_username', event.user.email);
  }

  // Custom claims are namespaced with a URL so they cannot collide with standard OIDC claims
  const namespace = 'https://flexai.de';

  // Copy the user's Auth0 roles into both the ID token and the access token
  if (event.authorization && event.authorization.roles) {
    api.idToken.setCustomClaim(`${namespace}/roles`, event.authorization.roles);
    api.accessToken.setCustomClaim(`${namespace}/roles`, event.authorization.roles);
  }
};

  • Go to Actions > Triggers > post-login and add the created custom action between Start and Complete

  • Apply

Roles

  • Go to User Management > Roles and select Create Role to create the following roles:

    • flexai-manager

    • flexai-editor

    • flexai-user

  • Go to User Management and add the roles to the users or the users to the roles

URLs and IDs

  • Go to Applications > Applications and open the created application

  • Go to Settings > Basic Information and copy the Client ID and Client Secret for later use

  • Go to Settings > Advanced Settings > Endpoints

  • Copy and open the OpenID Configuration URL

  • Copy the following URLs for later use:

    • token_endpoint, looks like https://<TENANT_ID>.<REGION>.auth0.com/oauth/token

    • authorization_endpoint, looks like https://<TENANT_ID>.<REGION>.auth0.com/authorize

    • end_session_endpoint, looks like https://<TENANT_ID>.<REGION>.auth0.com/oidc/logout

    • jwks_uri, looks like https://<TENANT_ID>.<REGION>.auth0.com/.well-known/jwks.json

    • issuer, looks like https://<TENANT_ID>.<REGION>.auth0.com/

  • Go to Applications > APIs and open the created API

  • In General Settings copy the Identifier