Credijusto Manages Authentication with Auth0 and Pulumi

Posted on

Fernando Carletti Fernando Carletti

Guest author Lead Devops Engineer Fernando Carletti, writes about using the Pulumi Auth0 provider to manage resources at Credijusto.

Auth0 allows you to simplify your authentication process. The Auth0 Provider allows you to manage the Auth0 resources, managing Applications, Databases, Social Connections, APIs, and other resources. Here at Credijusto we use it manage authentication from the front-end through all the APIs that serve that request, leveraging the complexity of the authentication to Auth0.

For this article, we will start a new Pulumi project in a fresh Auth0 account and fully configure it for a backend and a single page application and set up a connection to Github which allows you apps to authenticate with it using OAuth.

Setup the project

Create a new Pulumi program:

$ pulumi new typescript

Install the Auth0 provider SDK:

$ npm add @pulumi/auth0

Create the Auth0 resources in index.ts you created as shown in the example below.

Configure the credentials

Here we will use the credentials of the default application created by Auth0. For production use, you may want to create a new one or rename the Test Application to ensure Pulumi uses its own set of credentials.

Note: please use your domain, clientId, and clientSecret. You can find the Test Application credentials in Auth0’s Applications page.

pulumi config set auth0:domain my-account.auth0.com
pulumi config set auth0:clientId foo
pulumi config set auth0:clientSecret --secret bar
pulumi config set githubClientId github-foo
pulumi config set githubClientSecret --secret github-bar

Tip: You can create your Github OAuth Application here.

Configure the Tenant

Auth0 creates an initial tenant when a new account is created. Any tenant resource you create will end up configuring the tenant of which the Test Application is part of, even while Pulumi is saying a new resource is created, it will only set the properties on its existing tenant.

Let’s set a friendly name for our tenant:

new auth0.Tenant('default', {
  friendlyName: 'Hello Pulumi!'
});

By accessing your settings page you should be to see the Friendly Name field configured.

Create the applications

Now we need to create our applications. Since the Auth0 provider uses the same naming as the Management API, the Application is called Client.

Let’s create both the frontend and backend applications:

const backend = new auth0.Client('backend', {
  appType: 'non_interactive'
});

const frontend = new auth0.Client('frontend', {
  appType: 'spa'
});

Note that the backend is set as the non_interactive type, this is referred to as Machine to machine in the Auth0 console.

Create the Github connection

With the applications set, we need to create a social connection using Github and allow those applications to use it:

const config = new pulumi.Config();

new auth0.Connection('github', {
  strategy: 'github',
  enabledClients: [backend.id, frontend.id],
  options: {
    clientId: config.require('githubClientId'),
    clientSecret: config.requireSecret('githubClientSecret'),
  }
});

Pulumi allows you to manage your Auth0 resources allowing you to easily replicate your configuration across multiple environments. Read more about the Auth0 Provider.

Share this post

Introducing Drift Detection, TTL Stacks, and Scheduled Deployments. Learn More.