How can I disable Auth0 integration?
I have used docker-compose up to run the krakend, but the website asks me to log in.
How can I disable Auth0 integration? Or how can I get these auth0 params?
var AUTH0_CLIENT_ID='AUTH0_CLIENT_ID';
var AUTH0_DOMAIN='AUTH0_DOMAIN';
var AUTH0_AUDIENCE = 'AUTH0_AUDIENCE';
I think you need to remove checkJwt, checkScopes middlewares in https://github.com/devopsfaith/krakend-playground/blob/master/web/server.js and remove JOSE JWT validation ("github.com/devopsfaith/krakend-jose/validator") extra_config in krakend.json
Or to get parameters you can just create a free account and API on auth0, those values are available in API settings.
The website project is just a demo integration with auth0. I'm not sure what are you expecting to get from it without the external JWT provider.
You can create a free account and you'll get the credentials for your SPA
> The website project is just a demo integration with auth0. I'm not sure what are you expecting to get from it without the external JWT provider.
@kpacha
In the README.md under Start the service it explains how to configure these values. But, to me the heading 'Only if you want to try the Auth0 integration...' implies that the Auth0 configuration is optional and should work without any configuration.
If it's not optional, then that heading should be re-worded to avoid confusion. Otherwise, it might be worth disabling checkJwt and checkScopes if the configuration fields are empty or set to default.
The website has 2 main goals: demonstrate the CORS module and integrating your JWT validation with third party providers such as auth0. If you are not interested in these features, you don't need the website project. Notice the gateway exposes more endpoints than just the ones consumed by the website.
If you think the wording on the README is confusing, please submit a PR with your proposal
@xzygis I started playing with it today and just managed to have it working with Auth0. 🥳 Meaning to have that Call Private button (that calls /private/auth0) working. I could share my notes, maybe a readme update or a dedicated page would help others also.
@kpacha I would create a PR that should include Auth0 trial setup in a step-by-step manner, so people can have this quickstart option (as marketed by the Installing KrakenD page) as smooth as possible. Also, some quick reasoning about some concepts would be nice to be included.
@devisions I'd love that!
(sorry for the delay but it looks like your comment got lost in my inbox)
@dxps looking forward to it!
> If you think the wording on the README is confusing, please submit a pr with your proposal
Thanks, I'm well aware of how GitHub and open source projects work.
localhost:3000 says Error: access_denied. Check the console for further details.
What does it mean? I just ran docker-compose
> @xzygis I started playing with it today and just managed to have it working with Auth0. 🥳 Meaning to have that Call Private button (that calls /private/auth0) working. I could share my notes, maybe a readme update or a dedicated page would help others also.
@dxps did you ever put up those notes on getting /private/auth0 to work? I keep getting this in logs:
krakend_ce_1 | [GIN] 2021/09/06 - 10:43:09 | 401 | 373.462756ms | 172.21.0.1 | GET "/private/auth0"
krakend_ce_1 | Error #01: no Keys has been found
Thanks.
You can follow the official auth0 documentation regarding how to create and config a new client (https://auth0.com/docs/quickstart/spa/angular#configure-auth0) or ours (https://www.krakend.io/docs/authorization/auth0/#the-auth0---krakend-integration)
There you'll get your client id, audience, domain and jwk-url for configuring your SPA (web/auth0-variables.js) and your KrakenD (krakend/krakend.json)
@crnastena Somehow GitHub sent me a notification about this thread today, months later ...
Here are my notes from that time (a year ago). Not sure if these still hold or things changed that much that I'd have to follow again all the steps and see what's different now. But anyway, hope it helps.

Playing with krakend-playground

- Logged in to Auth0 and created:
  - a tenant domain named dxps.eu.auth0.com
  - a personal account
  - an SPA type of application named KrakendPlaygroundSPA
- Updated web/auth0-variables.js file with:

      var AUTH0_CLIENT_ID = "a3v ... O4e";
      var AUTH0_DOMAIN = "dxps.eu.auth0.com";
      var AUTH0_AUDIENCE = "http://localhost:8080/private";
      var AUTH0_CALLBACK_URL = location.href;

- Suppose you forgot or want to change one of these values, after updating this file you can rebuild the image with docker-compose build web
- To get the access token as JWS, I created a Custom API named Private with Identifier as http://localhost:8080/private (used as the audience param on authorization calls).
  - By default (without an API), the access token is not a JWT nor JWS.
  - Added read:private permission in the API definition (Permissions tab).
- Related to user access mgmt:
  - In User Management > Roles I created the user role and added that read:private permission defined at that API level.
  - In User Management > Users click your account, go to Roles tab and grant it this user role. Then you can validate the result by going to Permissions tab and see that indirectly (assigned through the role) the account has the read:private permission.
- Started all services using docker-compose up
- UI (a simple SPA-like) is accessible at http://localhost:3000
- Although JWS looks alright (jwt.io extension shows it), KrakenD throws the error Error #01: no Keys has been found
- krakend.json file was updated on "endpoint": "/private/auth0" for krakend-jose/validator config to have:

      "audience": ["http://localhost:8080/private"],
      "roles_key": "permissions",
      "roles": ["read:private"],
      "jwk-url": "https://dxps.eu.auth0.com/.well-known/jwks.json"

- Started the services again with docker-compose up
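
As an added example (not part of the original notes and not KrakenD's own code), this Node.js check compares a decoded access token with the validator settings listed above: whether the header's kid appears in the key set served at jwk-url, and whether aud and the permissions claim contain the configured values. The sample key set, the kid values and the demo token are constructed; treating roles as "at least one must match" is an assumption, and no signature is verified.

```javascript
// Added example, not KrakenD code: kid/claim pre-flight, no signature verification.
// Validator settings as given in the notes above.
const validatorCfg = {
  audience: ["http://localhost:8080/private"],
  roles_key: "permissions",
  roles: ["read:private"],
  "jwk-url": "https://dxps.eu.auth0.com/.well-known/jwks.json",
};
// Constructed stand-in for the key set served at jwk-url (key material omitted).
const sampleJwks = { keys: [{ kty: "RSA", use: "sig", kid: "constructed-kid-1" }] };
// Helpers to build a constructed demo token with a placeholder signature.
const b64url = (obj) =>
  Buffer.from(JSON.stringify(obj)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const makeToken = (header, claims) => `${b64url(header)}.${b64url(claims)}.c2ln`;

// Decode one base64url JWT segment into an object.
function decodeSegment(seg) {
  const b64 = seg.replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// Returns a list of mismatches; an empty list means header and claims line up.
// Assumption: holding at least one of the listed roles is enough.
function preflight(token, cfg, jwks) {
  const parts = token.split(".");
  if (parts.length !== 3) return ["not a three-part JWS (opaque access token?)"];
  let header, claims;
  try {
    header = decodeSegment(parts[0]);
    claims = decodeSegment(parts[1]);
  } catch (e) {
    return ["header or payload is not base64url-encoded JSON"];
  }
  const problems = [];
  const kids = (jwks.keys || []).map((k) => k.kid);
  if (!kids.includes(header.kid))
    problems.push(`kid "${header.kid}" not in key set from ${cfg["jwk-url"]}`);
  const aud = [].concat(claims.aud || []); // aud may be a string or an array
  if (!cfg.audience.some((a) => aud.includes(a)))
    problems.push(`aud ${JSON.stringify(aud)} has none of ${JSON.stringify(cfg.audience)}`);
  const granted = [].concat(claims[cfg.roles_key] || []);
  if (cfg.roles && !cfg.roles.some((r) => granted.includes(r)))
    problems.push(`claim "${cfg.roles_key}" has none of ${JSON.stringify(cfg.roles)}`);
  return problems;
}

// Demo with a constructed token whose kid is not in the key set.
console.log(preflight(makeToken({ kid: "other-kid" }, { aud: "x" }), validatorCfg, sampleJwks));
```

In practice the key set would be the JSON fetched from the configured jwk-url and the token would be the access token the SPA sends to /private/auth0.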
> @crnastena Somehow GitHub sent me a notification about this thread today, months later ...

Thanks man! I commented on it yesterday just to realize the link I was posting was already there.
I found a way to fix it as well on my side for a simpler implementation, I just kept alg, audience and jwk-url in the extra config.