auth0: implement identity provider (#1470)

* auth0: implement identity provider

* add auth0 guide

* fix naming

docs/docs/identity-providers/auth0.md

@@ -0,0 +1,32 @@
+---
+title: Auth0
+lang: en-US
+sidebarDepth: 0
+meta:
+  - name: keywords
+    content: auth0
+---
+
+# Auth0
+
+[Log in to your Auth0 account](https://manage.auth0.com/) and head to your dashboard. Select **Applications** on the left menu. On the Applications page, click the **Create Application** button to create a new app.
+
+![Auth0 Applications Dashboard](./img/auth0/dashboard.png)
+
+## Create Regular Web Application
+
+On the **Create New Application** page, select the **Regular Web Application** for your application.
+
+![Auth0 Create Application Select Platform](./img/auth0/create.png)
+
+Next, provide the following information for your application settings:
+
+| Field                        | Description                                                               |
+| ---------------------------- | ------------------------------------------------------------------------- |
+| Name                         | The name of your application.                                             |
+| Application Login URI        | Authenticate URL (e.g. `https://${authenticate_service_url}`)             |
+| Allowed Callback URLs        | Redirect URL (e.g. `https://${authenticate_service_url}/oauth2/callback`).|
+
+Make sure to click **Save Changes** when you're done.
+
+On the same **Settings** page you can copy the **Domain** and use it as the provider url (e.g. `https://dev-xyz.us.auth0.com`), as well as the **Client ID** and **Client Secret**.

internal/identity/oidc/auth0/auth0.go

@@ -0,0 +1,49 @@
+// Package auth0 implements OpenID Connect for auth0
+//
+// https://www.pomerium.io/docs/identity-providers/auth0.html
+package auth0
+
+import (
+	"context"
+	"fmt"
+	"strings"
+
+	"github.com/pomerium/pomerium/internal/identity/oauth"
+	pom_oidc "github.com/pomerium/pomerium/internal/identity/oidc"
+)
+
+const (
+	// Name identifies the Auth0 identity provider
+	Name = "auth0"
+)
+
+// Provider is an Auth0 implementation of the Authenticator interface.
+type Provider struct {
+	*pom_oidc.Provider
+}
+
+// New instantiates an OpenID Connect (OIDC) provider for Auth0.
+func New(ctx context.Context, o *oauth.Options) (*Provider, error) {
+	// allow URLs that don't have a trailing slash
+	if !strings.HasSuffix(o.ProviderURL, "/") {
+		tmp := new(oauth.Options)
+		*tmp = *o
+		tmp.ProviderURL += "/"
+		o = tmp
+	}
+
+	var p Provider
+	var err error
+	genericOidc, err := pom_oidc.New(ctx, o)
+	if err != nil {
+		return nil, fmt.Errorf("%s: failed creating oidc provider: %w", Name, err)
+	}
+	p.Provider = genericOidc
+
+	return &p, nil
+}
+
+// Name returns the provider name.
+func (p *Provider) Name() string {
+	return Name
+}

internal/identity/providers.go

@@ -13,6 +13,7 @@ import (
 	"github.com/pomerium/pomerium/internal/identity/oauth"
 	"github.com/pomerium/pomerium/internal/identity/oauth/github"
 	"github.com/pomerium/pomerium/internal/identity/oidc"
+	"github.com/pomerium/pomerium/internal/identity/oidc/auth0"
 	"github.com/pomerium/pomerium/internal/identity/oidc/azure"
 	"github.com/pomerium/pomerium/internal/identity/oidc/gitlab"
 	"github.com/pomerium/pomerium/internal/identity/oidc/google"
@@ -35,6 +36,8 @@ type Authenticator interface {
 func NewAuthenticator(o oauth.Options) (a Authenticator, err error) {
 	ctx := context.Background()
 	switch o.ProviderName {
+	case auth0.Name:
+		a, err = auth0.New(ctx, &o)
 	case azure.Name:
 		a, err = azure.New(ctx, &o)
 	case gitlab.Name: