Check out v4 of the Fauna CLI

v4 of the Fauna CLI is now in beta.

The new version introduces enhancements to the developer experience, including an improved authentication workflow. To get started, check out the CLI v4 quick start.

Auth0 integration

This guide covers how to configure Auth0 as an access provider for a Fauna database.

Once set up, end users can log in to Auth0 to create a JWT for your client application. Your application can use the JWT as an authentication secret to run queries on the user’s behalf.

Before you start

To complete this guide, you’ll need:

Get the Fauna audience

  1. Log in to the Fauna Dashboard and select your database.

  2. Select the Access Providers tab and click Create Access Provider.

  3. Copy the Audience URL.

    Don’t close the Dashboard browser tab. You’ll use it later in the guide.

Configure Auth0

  1. In a separate browser tab, log in to Auth0.

  2. In the left navigation, select Applications > APIs.

  3. Click + Create API.

  4. In Name, enter a name for the API, such as fauna-my_app.

  5. In Identifier, paste the copied audience URL.

  6. Ensure the RS256 Signing Algorithm is selected.

  7. Click Create.

  8. Click the Test tab to display the API Test page.

  9. In the CURL example, copy the --url value. Omit the oauth/token portion but include the trailing slash (/).

    Don’t close the Auth0 tab. You’ll use it later in the guide.

Configure Fauna

  1. In the Dashboard browser tab, enter a Name for the access provider, such as Auth0.

  2. In Issuer, paste the copied Auth0 API URL.

  3. In JWKS endpoint, enter the same Auth0 API URL and append .well-known/jwks.json to the URL.

    For example, if the Auth0 API URL is https://dev—​nozpv3z.us.auth0.com/, JWKS endpoint should contain https://dev—​nozpv3z.us.auth0.com/.well-known/jwks.json.

  4. Click Create.

  5. In the Dashboard, update the access provider’s FSL schema to include a user-defined role:

    access provider Auth0 {
      ...
    
      // Adds a user-defined role to JWTs created by the access provider.
      role <role>
    }

    Don’t change the values of the issuer or jwks_uri fields.

  6. Click Save.

Test user access

Auth0 is now ready to create Fauna JWTs. Verify that the setup works:

  1. In the Auth0 browser tab’s Test page, copy the curl example.

  2. Run the curl request in your terminal.

    The output should be similar to:

    {"access_token":"eyJhbGcIqiJSUzI1N5IsInR5cCi6IkpXVCIsImTpZCI6ilNCZTczWmFyOWpKU3h
    ueG44QlNTSqJ9eyJpc3MiOiJQdHRwczovL2R6di0tbm96cHYzei51cy5hdXRoMC5jb20vIiwic3ViIjo
    ibDZ2SlM4UXZIQzJMbWlHUmFPVGlFMTZnaXZ1dWZSMjJAY2xpZW50cyIsImF1ZCI6Imh0dHBzOi8vZGI
    uZmF1bmEuY29tL2RiL3l4eGY1eDl3MXlieW4iLCJpYXQiOjE2MDU1MDI2NDgsImV4cCI6MTYwNTU4OTA
    0OCwiYXpwIjoibDZ2SlM4UXZIQzJMbWlHUmFPVGlFMTZnaXZ1dWZSMjIiLCJndHkiOiJjbGllbnQtY3J
    lZG.udGlhbHMif6 pdnzxME8gaQkyxsWhurgVzQcakcnMRUJEGcb83f_lgd0tWaE-VcFcfb-SXLCFX3IcJkls9woQVcFM91
    UCHRN_qSKjEzB1vOrFqQ73FSq33dLviGM_8E195R_zJVmCsb__ADhQCaWTYM-vO8ZSA7lC2WzVejLAg
    CJhOXwP7WGeG_FDfqVDM0InaJdVOoUwXF4SzZ00DVjJxSoKnsiRgwpPyaV3rGAQGVlijyYe1mea7D3g
    jHO2a-yUV-yT75xglTyjwC5WKHySXgu-iXq7x6N5JIRAcBh2-ka6sS5o61JHR35sFfXYpUiSiPj45XL
    nGhB7wbVwvq4mA3ur1bePg","expires_in":86400,"token_type":"Bearer"}

    Copy the access_token value. The value is the JWT.

  3. Use the JWT to run FQL queries as an end user in the Dashboard Shell or using the Fauna CLI. Using the CLI:

    fauna shell \
      --secret <JWT>

Is this article helpful? 

Tell Fauna how the article can be improved:
Visit Fauna's forums or email docs@fauna.com

Thank you for your feedback!