Auth0

Auth0 is an identity management platform that provides authentication and authorization as a service. Auth0 supports a variety of identity providers and provides features such as multifactor authentication and user management. Auth0 supports various authentication and authorization standards and protocols, including SAML and OIDC (see below for more on these protocols).

This section covers the Auth0 integration. Topics covered:

  • Creating users in Auth0
  • Creating and assigning roles
  • Adding the role claim

You can use this article from Auth0 to get started creating an Auth0 application. The steps below cover creating users and managing roles.

Create users in Auth0

  1. Navigate to User Management > Users and click Create User.
  2. Fill in the fields (all are required) to create the user:

(Screenshot: example of creating a user)

Create and Assign Roles in Auth0

  1. Navigate to User Management > Roles and click Create Role.
  2. Enter a role name and description. Take note of the role name for later use.
  3. From either the Users list page or the Roles list page, you can link users to roles.

Add the Role Claim

For the Mindful application to read your Auth0 roles, the roles must be added as a claim to the tokens Auth0 issues. Set this up as follows:

  1. Navigate to Actions > Library.
  2. Click Build Custom at the top.
  3. Give the new Action a name and make sure the Trigger is Login / Post Login. This runs custom code on every user login that adds the role claim to the ID and access tokens.
  4. Once created, you will be presented with a code window. Enter the following into the code window and click Deploy. Set the namespace variable to whatever is appropriate for the customer (normally the company domain):
/**
 * Handler that will be called during the execution of a PostLogin flow.
 *
 * @param {Event} event - Details about the user and the context in which they are logging in.
 * @param {PostLoginAPI} api - Interface whose methods can be used to change the behavior of the login.
 */
exports.onExecutePostLogin = async (event, api) => {
    // Namespace for the custom claim; this should be whatever the company domain is
    const namespace = 'https://getmindful.com';
    if (event.authorization) {
        console.log('Setting authorization: ', event.authorization);
        // USE THESE TWO LINES FOR OIDC (namespaced claim name)
        api.idToken.setCustomClaim(`${namespace}/roles`, event.authorization.roles);
        api.accessToken.setCustomClaim(`${namespace}/roles`, event.authorization.roles);
        // USE THESE TWO LINES FOR SAML (bare claim name)
        api.idToken.setCustomClaim('roles', event.authorization.roles);
        api.accessToken.setCustomClaim('roles', event.authorization.roles);
    }
};
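To check what the Action does before deploying it, and to see how the application side should read the claim back, here is an added example; it is not Auth0's or Mindful's code. It drives the same handler logic with stub event and api objects (the stub imitates only the setCustomClaim method of Auth0's PostLoginAPI, nothing else), then reads the roles out of a token payload that your OIDC library has already verified. The namespace https://example.com, the role names and the sample events are constructed placeholders.

```javascript
// Added example (not Auth0's or Mindful's code): run a Post Login Action
// offline with stub event/api objects, then consume the role claim the way a
// relying party should, on a payload whose signature has already been verified.

const NAMESPACE = 'https://example.com'; // constructed placeholder; use the customer's domain

// Same logic as the Action shown above, with the namespace passed in so the
// harness can vary it.
function makePostLoginHandler(namespace) {
  return async (event, api) => {
    if (event.authorization) {
      // OIDC: a namespaced claim name cannot collide with standard JWT claims
      api.idToken.setCustomClaim(`${namespace}/roles`, event.authorization.roles);
      api.accessToken.setCustomClaim(`${namespace}/roles`, event.authorization.roles);
      // SAML: bare claim name
      api.idToken.setCustomClaim('roles', event.authorization.roles);
      api.accessToken.setCustomClaim('roles', event.authorization.roles);
    }
  };
}

// Minimal stand-in for Auth0's PostLoginAPI: records every setCustomClaim call
// per token so the test can inspect what the Action would have written.
function makeStubApi() {
  const claims = { idToken: {}, accessToken: {} };
  const recorder = (bucket) => ({
    setCustomClaim: (name, value) => { claims[bucket][name] = value; },
  });
  return { api: { idToken: recorder('idToken'), accessToken: recorder('accessToken') }, claims };
}

// Runs the handler against one event and returns the recorded claims.
function runAction(event, namespace = NAMESPACE) {
  const { api, claims } = makeStubApi();
  // The handler is declared async to match Auth0's signature but never awaits,
  // so every setCustomClaim call has completed by the time it returns.
  makePostLoginHandler(namespace)(event, api);
  return claims;
}

// Relying-party side: extract roles from an already-verified token payload.
// A missing or malformed claim yields [] ("no roles"), never an error path
// that a caller might mistake for "all roles". Non-string entries are dropped.
function rolesFromPayload(payload, namespace = NAMESPACE) {
  const raw = payload[`${namespace}/roles`] ?? payload.roles;
  if (!Array.isArray(raw)) return [];
  return raw.filter((r) => typeof r === 'string' && r.length > 0);
}

function hasRole(payload, role, namespace = NAMESPACE) {
  return rolesFromPayload(payload, namespace).includes(role);
}

// Constructed sample events: one user with roles assigned, one where Auth0
// supplied no authorization block at all.
const eventWithRoles = { user: { email: 'a@example.com' }, authorization: { roles: ['admin', 'agent'] } };
const eventNoAuthz = { user: { email: 'b@example.com' } };

// Stand-alone run
console.log(JSON.stringify(runAction(eventWithRoles)));
console.log(JSON.stringify(runAction(eventNoAuthz)));
console.log(hasRole({ [`${NAMESPACE}/roles`]: ['admin'] }, 'admin'));
```

The second half is the part worth copying: only ever call rolesFromPayload on a payload whose signature, issuer, audience and expiry your OIDC or SAML library has already checked, and treat an absent claim as an unauthorised user rather than falling through to a default role.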