Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

How can I disable Auth0 integration?

See original GitHub issue

I have used docker-compose up to run the krakend, but the website let me to login.

How can I disable Auth0 integration? or how can I get these auth0 params?

var AUTH0_CLIENT_ID='AUTH0_CLIENT_ID';
var AUTH0_DOMAIN='AUTH0_DOMAIN';
var AUTH0_AUDIENCE = 'AUTH0_AUDIENCE';

Issue Analytics

State:
Created 4 years ago
Comments:13 (5 by maintainers)

Top GitHub Comments

3reactions

ghostcommented, Mar 9, 2020

The website project is just a demo integration with auth0. I’m not sure what are you expecting to get from it without the external JWT provider.

@kpacha

In the README.md under Start the service it explains how to configure these values. But, to me the heading ‘Only if you want to try the Auth0 integration…’ implies that the Auth0 configuration is optional and should work without any configuration.

If it’s not optional, then that heading should be re-worded to avoid confusion. Otherwise, it might be worth disabling checkJwt, and checkScopes if the configuration fields are empty or set to default.

2reactions

dxpscommented, Dec 29, 2021

@crnastena Somehow GitHub sent me a notification about this thread today, months later …

Here are my notes from that time (an year ago). Not sure if these still hold or things changed that much that I’d have to follow again all the steps and see what’s different now. But anyway, hope it helps.

Playing with `krakend-playground`

Logged in to Auth0 and created:
- a tenant domain named dxps.eu.auth0.com
- a personal account
- an SPA type of application named KrakendPlaygroundSPA

Updated web/auth0-variables.js file with:

var AUTH0_CLIENT_ID = "a3v ... O4e";
var AUTH0_DOMAIN = "dxps.eu.auth0.com";
var AUTH0_AUDIENCE = "http://localhost:8080/private";
var AUTH0_CALLBACK_URL = location.href;

Suppose you forgot or want to change one of these values, after updating this file you can rebuilt the image with docker-compose build web
To get the access token as JWS, I created an Custom API named Private with Identifier as http://localhost:8080/private (used as the audience param on authorization calls).
- By default (without an API), the access token is not a JWT nor JWS.
- Added read:private permission in the API definition (Permissions tab).
Related to user access mgmt:
- In User Management > Roles I create the user role and added that read:private permission defined at that API level.
- In User Management > Users click your account, go to Roles tab and grant it this user role. Then you can validate the result by going to Permissions tab and see that indirectly (assigned through the role) the account has the read:private permission.
Started all services using docker-compose up
UI (a simple SPA-like) is accessible at http://localhost:3000
Although JWS looks alright (jwt.io extension shows it), KrakenD throws the error Error #01: no Keys has been found

krakend.json file was updated on "endpoint": "/private/auth0" for krakend-jose/validator config to have:

"audience": ["http://localhost:8080/private"],
"roles_key": "permissions",
"roles": ["read:private"],
"jwk-url": "https://dxps.eu.auth0.com/.well-known/jwks.json"