Credijusto Manages Authentication with Auth0 and Pulumi
Posted on
Guest author Lead Devops Engineer Fernando Carletti, writes about using the Pulumi Auth0 provider to manage resources at Credijusto.
Auth0 allows you to simplify your authentication process. The Auth0 Provider allows you to manage the Auth0 resources, managing Applications, Databases, Social Connections, APIs, and other resources. Here at Credijusto we use it manage authentication from the front-end through all the APIs that serve that request, leveraging the complexity of the authentication to Auth0.
For this article, we will start a new Pulumi project in a fresh Auth0 account and fully configure it for a backend and a single page application and set up a connection to Github which allows you apps to authenticate with it using OAuth.
Setup the project
Create a new Pulumi program:
$ pulumi new typescript
Install the Auth0 provider SDK:
$ npm add @pulumi/auth0
Create the Auth0 resources in index.ts
you created as shown in the example below.
Configure the credentials
Here we will use the credentials of the default application created by Auth0. For production use, you may want to create a new one or rename the Test Application
to ensure Pulumi uses its own set of credentials.
Note: please use your domain, clientId, and clientSecret. You can find the Test Application
credentials in Auth0’s Applications page.
pulumi config set auth0:domain my-account.auth0.com
pulumi config set auth0:clientId foo
pulumi config set auth0:clientSecret --secret bar
pulumi config set githubClientId github-foo
pulumi config set githubClientSecret --secret github-bar
Tip: You can create your Github OAuth Application here.
Configure the Tenant
Auth0 creates an initial tenant when a new account is created. Any tenant resource you create will end up configuring the tenant of which the Test Application
is part of, even while Pulumi is saying a new resource is created, it will only set the properties on its existing tenant.
Let’s set a friendly name for our tenant:
new auth0.Tenant('default', {
friendlyName: 'Hello Pulumi!'
});
By accessing your settings page you should be to see the Friendly Name
field configured.
Create the applications
Now we need to create our applications. Since the Auth0 provider uses the same naming as the Management API, the Application is called Client.
Let’s create both the frontend and backend applications:
const backend = new auth0.Client('backend', {
appType: 'non_interactive'
});
const frontend = new auth0.Client('frontend', {
appType: 'spa'
});
Note that the backend
is set as the non_interactive
type, this is referred to as Machine to machine
in the Auth0 console.
Create the Github connection
With the applications set, we need to create a social connection using Github and allow those applications to use it:
const config = new pulumi.Config();
new auth0.Connection('github', {
strategy: 'github',
enabledClients: [backend.id, frontend.id],
options: {
clientId: config.require('githubClientId'),
clientSecret: config.requireSecret('githubClientSecret'),
}
});
Pulumi allows you to manage your Auth0 resources allowing you to easily replicate your configuration across multiple environments. Read more about the Auth0 Provider.