How can I disable Auth0 integration?

[xzygis]

I have used docker-compose up to run the krakend, but the website let me to login.

How can I disable Auth0 integration? or how can I get these auth0 params?

var AUTH0_CLIENT_ID='AUTH0_CLIENT_ID';
var AUTH0_DOMAIN='AUTH0_DOMAIN';
var AUTH0_AUDIENCE = 'AUTH0_AUDIENCE';

[sbusso]

I think you need to remove checkJwt, checkScopes middlewares in https://github.com/devopsfaith/krakend-playground/blob/master/web/server.js and remove JOSE JWT validation("github.com/devopsfaith/krakend-jose/validator") extra_config in krakend.json

Or to get parameters you can just create a free account and API on auth0, those values are available in API settings.

[kpacha]

The website project is just a demo integration with auth0. I'm not sure what are you expecting to get from it without the external JWT provider.

you can create a free account and you'll get the credentials for your SPA

[ghost]

The website project is just a demo integration with auth0. I'm not sure what are you expecting to get from it without the external JWT provider.

@kpacha

In the README.md under Start the service it explains how to configure these values. But, to me the heading 'Only if you want to try the Auth0 integration...' implies that the Auth0 configuration is optional and should work without any configuration.

If it's not optional, then that heading should be re-worded to avoid confusion. Otherwise, it might be worth disabling checkJwt, and checkScopes if the configuration fields are empty or set to default.

[kpacha]

the website has 2 main goals: demonstrate the CORS module and integrating your JWT validation with third party providers such as auth0. If you are not interested in these features, you don't need the website project. Notice the gateway exposes more endpoints than just the consumed by the website.

If you think the wording on the README is confusing, please submit a pr with your proposal

[dxps]

@xzygis I started playing with it today and just managed to have it working with Auth0. 🥳 Meaning to have that Call Private button (that calls /private/auth0) working. I could share my notes, maybe a readme update or a dedicate page would help others also.

@kpacha I would create a PR that should include Auth0 trial setup in a step-by-step manner, so people can have this quickstart option (as marketed by the Installing KrakenD page) as smooth as possible. Also, some quick reasoning about some concepts would be nice to be included.

[kpacha]

@devisions I'd love that!

(sorry for the delay but it looks like your comment got lost in my inbox)

[alombarte]

@dxps looking forward to it!

[ghost]

If you think the wording on the README is confusing, please submit a pr with your proposal

Thanks, I'm well aware of how GitHub and open source projects work.

[sopwer]

localhost:3000 says Error: access_denied. Check the console for further details.

what it means I just run docker-compose

[crnastena]

@xzygis I started playing with it today and just managed to have it working with Auth0. 🥳 Meaning to have that Call Private button (that calls /private/auth0) working. I could share my notes, maybe a readme update or a dedicate page would help others also.

@dxps did you ever put up those notes on getting /private/auth0 to work? I keep getting this in logs:

krakend_ce_1       | [GIN] 2021/09/06 - 10:43:09 | 401 |  373.462756ms |      172.21.0.1 | GET      "/private/auth0"
krakend_ce_1       | Error #01: no Keys has been found

Thanks.

[kpacha]

you can follow the official auth0 documentation regarding how to create and config a new client (https://auth0.com/docs/quickstart/spa/angular#configure-auth0) or ours (https://www.krakend.io/docs/authorization/auth0/#the-auth0---krakend-integration)

there you'll get your client id, audience, domain and jwk-url for configuring your SPA (web/auth0-variables.js) and your KrakenD (krakend/krakend.json)

[dxps]

@crnastena Somehow GitHub sent me a notification about this thread today, months later ...

Here are my notes from that time (an year ago). Not sure if these still hold or things changed that much that I'd have to follow again all the steps and see what's different now. But anyway, hope it helps.

Playing with krakend-playground

• Logged in to Auth0 and created:

  • a tenant domain named dxps.eu.auth0.com
  • a personal account
  • an SPA type of application named KrakendPlaygroundSPA

• Updated web/auth0-variables.js file with:

  var AUTH0_CLIENT_ID = "a3v ... O4e";
  var AUTH0_DOMAIN = "dxps.eu.auth0.com";
  var AUTH0_AUDIENCE = "http://localhost:8080/private";
  var AUTH0_CALLBACK_URL = location.href;
  

• Suppose you forgot or want to change one of these values, after updating this file you can rebuilt the image with docker-compose build web

• To get the access token as JWS, I created an Custom API named Private with Identifier as http://localhost:8080/private (used as the audience param on authorization calls).

  • By default (without an API), the access token is not a JWT nor JWS.
  • Added read:private permission in the API definition (Permissions tab).

• Related to user access mgmt:

  • In User Management > Roles I create the user role and added that read:private permission defined at that API level.
  • In User Management > Users click your account, go to Roles tab and grant it this user role. Then you can validate the result by going to Permissions tab and see that indirectly (assigned through the role) the account has the read:private permission.

• Started all services using docker-compose up

• UI (a simple SPA-like) is accessible at http://localhost:3000

• Although JWS looks alright (jwt.io extension shows it), KrakenD throws the error Error #01: no Keys has been found

• krakend.json file was updated on "endpoint": "/private/auth0" for krakend-jose/validator config to have:

  "audience": ["http://localhost:8080/private"],
  "roles_key": "permissions",
  "roles": ["read:private"],
  "jwk-url": "https://dxps.eu.auth0.com/.well-known/jwks.json"
  

• Started the services again with docker-compose up

[Oxonium]

@crnastena Somehow GitHub sent me a notification about this thread today, months later ...

Thanks man ! I commented on it yesterday just to realize the link I was posting was already there.

I found a way to fix it as well on my side for a simplier implementation, I just kept alg, audience and jwk-url in the extra config.