diff --git a/docs/docs/identity-providers/auth0.md b/docs/docs/identity-providers/auth0.md new file mode 100644 index 000000000..962289a05 --- /dev/null +++ b/docs/docs/identity-providers/auth0.md @@ -0,0 +1,32 @@ +--- +title: Auth0 +lang: en-US +sidebarDepth: 0 +meta: + - name: keywords + content: auth0 +--- + +# Auth0 + +[Log in to your Auth0 account](https://manage.auth0.com/) and head to your dashboard. Select **Applications** on the left menu. On the Applications page, click the **Create Application** button to create a new app. + +![Auth0 Applications Dashboard](./img/auth0/dashboard.png) + +## Create Regular Web Application + +On the **Create New Application** page, select the **Regular Web Application** for your application. + +![Auth0 Create Application Select Platform](./img/auth0/create.png) + +Next, provide the following information for your application settings: + +| Field | Description | +| ---------------------------- | ------------------------------------------------------------------------- | +| Name | The name of your application. | +| Application Login URI | Authenticate URL (e.g. `https://${authenticate_service_url}`) | +| Allowed Callback URLs | Redirect URL (e.g. `https://${authenticate_service_url}/oauth2/callback`).| + +Make sure to click **Save Changes** when you're done. + +On the same **Settings** page you can copy the **Domain** and use it as the provider url (e.g. `https://dev-xyz.us.auth0.com`), as well as the **Client ID** and **Client Secret**. diff --git a/docs/docs/identity-providers/img/auth0/create.png b/docs/docs/identity-providers/img/auth0/create.png new file mode 100644 index 000000000..c0bf921f8 Binary files /dev/null and b/docs/docs/identity-providers/img/auth0/create.png differ 
diff --git a/docs/docs/identity-providers/img/auth0/dashboard.png b/docs/docs/identity-providers/img/auth0/dashboard.png
new file mode 100644
index 000000000..20250b389
Binary files /dev/null and b/docs/docs/identity-providers/img/auth0/dashboard.png differ
diff --git a/internal/identity/oidc/auth0/auth0.go b/internal/identity/oidc/auth0/auth0.go
new file mode 100644
index 000000000..acbf71a7e
--- /dev/null
+++ b/internal/identity/oidc/auth0/auth0.go
@@ -0,0 +1,49 @@
+// Package auth0 implements OpenID Connect for auth0
+//
+// https://www.pomerium.io/docs/identity-providers/auth0.html
+package auth0
+
+import (
+	"context"
+	"fmt"
+	"strings"
+
+	"github.com/pomerium/pomerium/internal/identity/oauth"
+	pom_oidc "github.com/pomerium/pomerium/internal/identity/oidc"
+)
+
+const (
+	// Name identifies the Auth0 identity provider
+	Name = "auth0"
+)
+
+// Provider is an Auth0 implementation of the Authenticator interface.
+type Provider struct {
+	*pom_oidc.Provider
+}
+
+// New instantiates an OpenID Connect (OIDC) provider for Auth0.
+func New(ctx context.Context, o *oauth.Options) (*Provider, error) {
+	// allow URLs that don't have a trailing slash
+	if !strings.HasSuffix(o.ProviderURL, "/") {
+		tmp := new(oauth.Options)
+		*tmp = *o
+		tmp.ProviderURL += "/"
+		o = tmp
+	}
+
+	var p Provider
+	var err error
+	genericOidc, err := pom_oidc.New(ctx, o)
+	if err != nil {
+		return nil, fmt.Errorf("%s: failed creating oidc provider: %w", Name, err)
+	}
+	p.Provider = genericOidc
+
+	return &p, nil
+}
+
+// Name returns the provider name.
+func (p *Provider) Name() string {
+	return Name
+}
diff --git a/internal/identity/providers.go b/internal/identity/providers.go
index 862b5ba28..74d51ef42 100644
--- a/internal/identity/providers.go
+++ b/internal/identity/providers.go
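Review bot: `var err error` directly before `genericOidc, err := pom_oidc.New(ctx, o)` in New is redundant — the `:=` declares `err` in the same scope anyway (it only compiles because `genericOidc` is the new name), and the three lines `var p Provider`, `p.Provider = genericOidc`, `return &p, nil` collapse to `return &Provider{Provider: genericOidc}, nil`. The `// allow URLs that don't have a trailing slash` comment would serve a later reader better if it stated why the slash matters — presumably the generic OIDC provider's discovery compares the configured URL against the issuer Auth0 advertises, which ends in a slash — for example `// Auth0 advertises its issuer with a trailing slash; normalize a copy of o (never the caller's options) so discovery's issuer match succeeds`. Worth confirming how pom_oidc.New reports an empty ProviderURL, since the normalization turns "" into "/" before that error is produced, which may make the resulting message less obvious to an operator debugging configuration.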
@@ -13,6 +13,7 @@ import (
 	"github.com/pomerium/pomerium/internal/identity/oauth"
 	"github.com/pomerium/pomerium/internal/identity/oauth/github"
 	"github.com/pomerium/pomerium/internal/identity/oidc"
+	"github.com/pomerium/pomerium/internal/identity/oidc/auth0"
 	"github.com/pomerium/pomerium/internal/identity/oidc/azure"
 	"github.com/pomerium/pomerium/internal/identity/oidc/gitlab"
 	"github.com/pomerium/pomerium/internal/identity/oidc/google"
@@ -35,6 +36,8 @@ type Authenticator interface {
 func NewAuthenticator(o oauth.Options) (a Authenticator, err error) {
 	ctx := context.Background()
 	switch o.ProviderName {
+	case auth0.Name:
+		a, err = auth0.New(ctx, &o)
 	case azure.Name:
 		a, err = azure.New(ctx, &o)
 	case gitlab.Name: