Authenticating in Auth0 with Keyless
Integrating the Keyless authentication mechanism with existing IAMs requires some preliminary work on various parts of the customer’s Service Provider:
Binding of the user’s Auth0 identity with a Keyless ID: this happens via Keyless Enrollment. The user performs a normal enrollment with an option in the configuration that accepts an idToken coming from Auth0. This can be retrieved via the standard Auth0 login flow.
Account linking: after the user’s idToken has been bound to a Keyless Identity, the Auth0 authentication with Keyless will succeed. This authentication, though, returns a different user_id. This is because the Auth0 user_id and the Keyless user_id have not been linked. There are many tutorials on how to perform
Create a secure connection between Keyless and Auth0, allowing you to leverage Keyless as an Identity Provider in Auth0.
Before following this guide, contact the Keyless Delivery Team to get the following information:
Discovery URL: https://idp.keyless.io/realms/YOUR_REALM/.well-known/openid-configuration
Client ID: Will be provided by Keyless Delivery team.
Client Secret: Will be provided by Keyless Delivery team.
Scopes: Include any additional scopes you want to request (e.g., openid, profile, email).
Log in to your Auth0 account and navigate to the Dashboard.
In the Dashboard, go to Authentication > Enterprise > OpenID Connect.
Click Create Connection
Name: Enter a name for your connection (e.g., Keyless-SDK-Connection).
Issuer URL: Enter the Discovery URL provided by the Delivery team
Test the Connection by logging in with a test user and navigating to the Try Connection option in the Auth0 Dashboard.
In the Auth0 Dashboard, go to Applications > Applications.
Select the application you want to connect to Keyless, navigate to the Connections tab, and enable the newly created Keyless connection.
Once everything has been set up, specify the name of the Auth0 connection you’ve just created as part of the /authorize endpoint of Auth0 within the SDK configuration.
This step can vary considerably by implementation. Contact the Keyless Solution Engineering team to discuss the best approach for your setup.
To enroll a user:
Retrieve the id_token from Auth0.
Perform a Keyless Enrollment, providing the id_token to the withIAMToken builder function:
Once the Enrollment phase completes successfully, authenticate the user.
Two preliminary steps are necessary before authentication:
Generate a cryptographically secure UUID that we’re going to call operationId.
Retrieve a value called keylessId via the getUserId() API.
Concatenate the UUID and keylessId to produce the login_hint: login_hint = <operation_id>;<keyless_id>
Authenticate with Keyless, providing the operationId:
Once successfully authenticated, launch a custom tab to log in with Keyless via Auth0, providing the login_hint previously built as a parameter with key login_hint.
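The login_hint construction and the Auth0 /authorize request described above, as an added Python example that is not part of the Keyless SDK or of Auth0; the Auth0 domain, client ID, redirect URI and connection name are placeholders you replace with your own values.

```python
import secrets
import uuid
from urllib.parse import parse_qs, urlencode, urlparse

def new_operation_id() -> str:
    """A fresh cryptographically secure UUID (uuid4 draws from os.urandom)."""
    return str(uuid.uuid4())

def build_login_hint(operation_id: str, keyless_id: str) -> str:
    """Concatenate operationId and keylessId as the page specifies: <operation_id>;<keyless_id>."""
    if not operation_id or not keyless_id:
        raise ValueError("operationId and keylessId must be non-empty")
    if ";" in operation_id or ";" in keyless_id:
        raise ValueError("ids must not contain the ';' separator")
    return f"{operation_id};{keyless_id}"

def parse_login_hint(login_hint: str) -> tuple[str, str]:
    """Split a login_hint back into (operation_id, keyless_id), checking the UUID part."""
    operation_id, sep, keyless_id = login_hint.partition(";")
    if not sep or not keyless_id:
        raise ValueError("login_hint must look like <operation_id>;<keyless_id>")
    uuid.UUID(operation_id)  # raises ValueError if operation_id is not a well-formed UUID
    return operation_id, keyless_id

def is_valid_login_hint(login_hint: str) -> bool:
    try:
        parse_login_hint(login_hint)
        return True
    except ValueError:
        return False

def build_authorize_url(auth0_domain: str, client_id: str, redirect_uri: str,
                        connection: str, login_hint: str,
                        scope: str = "openid profile email") -> str:
    """URL for the Auth0 /authorize endpoint that the custom tab opens (placeholder inputs)."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "connection": connection,            # Keyless OIDC connection name from the Auth0 dashboard
        "login_hint": login_hint,
        "state": secrets.token_urlsafe(32),  # the callback handler rejects responses with an unknown state
        "nonce": secrets.token_urlsafe(32),  # must match the nonce claim in the returned id_token
    }
    return f"https://{auth0_domain}/authorize?{urlencode(params)}"

def authorize_params(url: str) -> dict:
    """Query parameters of an authorize URL as single values."""
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}
```

Keep the generated state and nonce on the client until the callback arrives, so a response that carries a different state or id_token nonce can be discarded.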
Once you’re given access to the Keyless Dashboard by our tech support team, configure the OpenID URL in the Keyless Dashboard, o
Open the Access Control page.
Click on the IDP Configuration tab; this redirects you to another page which contains what we’re looking for, the OpenID Configuration.
In the OpenID Configuration URL field, type a valid OpenID URL. Here are some examples of valid URLs:
https://yourdomain.auth0.com/.well-known/
https://yourdomain.auth0.com/.well-known
https://yourdomain.auth0.com/
https://yourdomain.auth0.com
Click the Save Configuration button.
Before performing Enrollment and Authentication, follow the guide to using the Keyless SDK.