Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

update: Auth0 guide #379

Merged
merged 3 commits into from
Jan 3, 2025
Merged

update: Auth0 guide #379

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
cae4ff7
Update _index.md
ErvinRacz Jan 3, 2025
b598442
authorization: update Auth0 guide
ErvinRacz Jan 3, 2025
ba5f99c
Update content/docs/latest/nebraska/authorization/_index.md
ErvinRacz Jan 3, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
38 changes: 20 additions & 18 deletions content/docs/latest/nebraska/authorization/_index.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -145,32 +145,34 @@ Now the member and admin roles are created, the admin role is a composite role w

## Adding roles scope to token

1. Click on `Rules` sub-menu from `Auth Pipeline` menu option.
2. Click on `Empty Rule` option.
3. Provide the name as `roles`.
4. Paste the following snippet in `Script` text box.
1. Click on `Actions > Library` and find the `Create Action` menu from top right.
2. Click on `Build from scratch` option.
3. Provide a name for the new action.
4. Choose the `Login / Post Login` trigger type and the recommended runtime.
5. Paste the following snippet in `Script` text box.
```js
function (user, context, callback) {
exports.onExecutePostLogin = async (event, api) => {
const namespace = 'http://kinvolk.io';
const assignedRoles = (context.authorization || {}).roles;

let idTokenClaims = context.idToken || {};
let accessTokenClaims = context.accessToken || {};

idTokenClaims[`${namespace}/roles`] = assignedRoles;
accessTokenClaims[`${namespace}/roles`] = assignedRoles;

context.idToken = idTokenClaims;
context.accessToken = accessTokenClaims;
callback(null, user, context);
}
if (event.authorization) {
api.accessToken.setCustomClaim(`${namespace}/roles`, event.authorization.roles);
api.idToken.setCustomClaim(`${namespace}/roles`, event.authorization.roles);
}
};
```
Now the rule to add the roles to the token is setup, the roles will be available in the key `http://kinvolk.io/roles`.
6. Click on `Deploy`. Now the action to add the roles to the token is setup, but the we yet have to create the trigger for it.
ErvinRacz marked this conversation as resolved.
Show resolved Hide resolved
7. Go to `Triggers` under the `Actions` main menu.
8. Choose the `post-login` flow.
9. Find the newly created action on the right side (switch to the `custom` tab).
10. Drag & Drop the action between the `Start` and `Complete` steps in the flow.
11. Click `Apply`.

Now the action that adds the roles to the token will be triggered after each login and the roles will be available in the key `http://kinvolk.io/roles`.

Note: The `oidc-roles-path` argument accepts a JSONPath to fetch roles from the token, in this case set the value to `http://kinvolk\.io/roles`.

<p align="center">
<img width="100%" src="../images/auth0-token.gif">
<img width="100%" src="../images/auth0-actions.gif">
</p>

# Preparing Dex with github connector as an OIDC provider for Nebraska
Expand Down
Binary file added content/docs/latest/nebraska/images/auth0-actions.gif
View file
Open in desktop
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file removed content/docs/latest/nebraska/images/auth0-token.gif
View file
Open in desktop
Binary file not shown.