Auth0
This guide covers how to configure Auth0 as an access provider for a Fauna database.
Once set up, end users can log in to Auth0 to create a JWT for your client application. Your application can use the JWT as an authentication secret to run queries on the user’s behalf.
Before you start
To complete this guide, you’ll need:
- An Auth0 account.
- A Fauna database with a role to use for JWTs created by Auth0. In most cases, this is a user-defined role.
Get the Fauna audience
- Log in to the Fauna Dashboard and select your database.
- Select the Access Providers tab and click Create Access Provider.
- Copy the Audience URL.
Don’t close the Dashboard browser tab. You’ll use it later in the guide.
Configure Auth0
- In a separate browser tab, log in to Auth0.
- In the left navigation, select Applications > APIs.
- Click + Create API.
- In Name, enter a name for the API, such as fauna-my_app.
- In Identifier, paste the copied audience URL.
- Ensure the RS256 Signing Algorithm is selected.
- Click Create.
- Click the Test tab to display the API Test page.
- In the CURL example, copy the --url value. Omit the oauth/token portion but include the trailing slash (/).
Don’t close the Auth0 tab. You’ll use it later in the guide.
Configure Fauna
- In the Dashboard browser tab, enter a Name for the access provider, such as Auth0.
- In Issuer, paste the copied Auth0 API URL.
- In JWKS endpoint, enter the same Auth0 API URL and append .well-known/jwks.json to the URL.
  For example, if the Auth0 API URL is https://dev--nozpv3z.us.auth0.com/, JWKS endpoint should contain https://dev--nozpv3z.us.auth0.com/.well-known/jwks.json.
- Click Create.
- In the Dashboard, update the access provider’s FSL schema to include a user-defined role:

    access provider Auth0 {
      ...
      // Adds a user-defined role to JWTs created by the access provider.
      role <role>
    }

  Don’t change the values of the issuer or jwks_uri fields.
- Click Save.
Test user access
Auth0 is now ready to create Fauna JWTs. Verify that the setup works:
- In the Auth0 browser tab’s Test page, copy the curl example.
- Run the curl request in your terminal.
  The output should be similar to:
{"access_token":"eyJhbGcIqiJSUzI1N5IsInR5cCi6IkpXVCIsImTpZCI6ilNCZTczWmFyOWpKU3h ueG44QlNTSqJ9eyJpc3MiOiJQdHRwczovL2R6di0tbm96cHYzei51cy5hdXRoMC5jb20vIiwic3ViIjo ibDZ2SlM4UXZIQzJMbWlHUmFPVGlFMTZnaXZ1dWZSMjJAY2xpZW50cyIsImF1ZCI6Imh0dHBzOi8vZGI uZmF1bmEuY29tL2RiL3l4eGY1eDl3MXlieW4iLCJpYXQiOjE2MDU1MDI2NDgsImV4cCI6MTYwNTU4OTA 0OCwiYXpwIjoibDZ2SlM4UXZIQzJMbWlHUmFPVGlFMTZnaXZ1dWZSMjIiLCJndHkiOiJjbGllbnQtY3J lZG.udGlhbHMif6 pdnzxME8gaQkyxsWhurgVzQcakcnMRUJEGcb83f_lgd0tWaE-VcFcfb-SXLCFX3IcJkls9woQVcFM91 UCHRN_qSKjEzB1vOrFqQ73FSq33dLviGM_8E195R_zJVmCsb__ADhQCaWTYM-vO8ZSA7lC2WzVejLAg CJhOXwP7WGeG_FDfqVDM0InaJdVOoUwXF4SzZ00DVjJxSoKnsiRgwpPyaV3rGAQGVlijyYe1mea7D3g jHO2a-yUV-yT75xglTyjwC5WKHySXgu-iXq7x6N5JIRAcBh2-ka6sS5o61JHR35sFfXYpUiSiPj45XL nGhB7wbVwvq4mA3ur1bePg","expires_in":86400,"token_type":"Bearer"}
  Copy the access_token value. The value is the JWT.
- Use the JWT to run FQL queries as an end user in the Dashboard Shell or using the Fauna CLI. Using the CLI:

    fauna shell --secret <JWT>
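
If the query is rejected, the usual cause is a mismatch between the token and the access provider settings entered above. The following Python check is an added example, not part of the Fauna guide or of Fauna's or Auth0's tooling: it reads a token's header and claims and compares them with the settings this guide configures (RS256, the issuer with its trailing slash, the audience URL). The function names and the issuer and audience values are constructed placeholders, and the signature is not verified.

```python
import base64
import json
import time

def b64url_decode(segment):
    """Decode one base64url JWT segment, restoring the stripped padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def jwks_endpoint(issuer):
    """JWKS URL as the guide builds it: issuer URL plus .well-known/jwks.json."""
    return issuer + ".well-known/jwks.json"

def check_token(jwt, issuer, audience, now=None):
    """List mismatches between a JWT and the access provider settings."""
    # Header and claims are read as-is; the signature is NOT verified here.
    problems = []
    if not issuer.endswith("/"):
        problems.append("configured issuer is missing the trailing slash")
    parts = jwt.split(".")
    if len(parts) != 3:
        return problems + ["token is not a three-part compact JWT"]
    try:
        header, claims = (json.loads(b64url_decode(p)) for p in parts[:2])
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise ValueError("header and payload must be JSON objects")
    except ValueError:
        return problems + ["header or payload is not base64url-encoded JSON"]
    if header.get("alg") != "RS256":
        problems.append(f"alg is {header.get('alg')!r}, expected 'RS256'")
    if claims.get("iss") != issuer:
        problems.append(f"iss {claims.get('iss')!r} differs from {issuer!r}")
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        problems.append(f"aud {aud!r} does not include {audience!r}")
    exp = claims.get("exp")
    now = time.time() if now is None else now
    if not isinstance(exp, (int, float)) or exp <= now:
        problems.append("token is expired or has no numeric exp claim")
    return problems

def make_sample(header, claims):
    """Build a constructed token with a dummy signature, for this demo only."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc(header)}.{enc(claims)}.c2ln"

if __name__ == "__main__":
    issuer, audience = "https://tenant.example/", "https://fauna.example/db/demo"  # constructed
    token = make_sample({"alg": "RS256"}, {"iss": issuer, "aud": audience, "exp": 2000000000})
    print(jwks_endpoint(issuer), check_token(token, issuer, audience, now=1700000000))
```

An empty list means the token's alg, iss, aud and exp agree with the settings; each string in a non-empty list names one field to recheck in Auth0 or in the access provider.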