4.1 Set up an Authentication Server
Auth0 is an Authentication as a Service platform. It provides an Auth server plus SDKs that handle everything about authentication so you can focus on integrating it into your app. Auth0 has a free tier, so we won't pay anything to use it for Herm.
- Create an Auth0 account
- Create an Auth0 Client
Head to Auth0 and sign up with your preferred option:
When you complete the sign-up process, you should find a dashboard that looks like:
An Auth0 Client is an app instance. Ideally, each user-facing app you build should be tied to its own client. A client gives you the credentials you use to authenticate users against the Auth server.
To create a client, click the + Create Application button on your dashboard:
Choose Regular Web Applications
Give the app a name and click the CREATE button.
Once the client is created, you should see a page showing the client ID. Click on the Settings tab to start configuring the client.
This page shows both your Client ID and Client Secret. The Secret should NEVER be publicly available; keep it on the server side only.
Scroll down the settings page and update the following fields:
- Allowed Callback URLs: http://localhost:3000/api/callback
- Allowed Logout URLs: http://localhost:3000/
You should also add your production URLs, comma-separated:
- Allowed Callback URLs: http://localhost:3000/api/callback, https://hermapp.azurewebsites.net/api/callback
- Allowed Logout URLs: http://localhost:3000/, https://hermapp.azurewebsites.net/
Scroll to the bottom of the page and click SAVE CHANGES.
Since we are going to be protecting our APIs, Auth0 needs to know about them. You do this by creating an API from the dashboard.
On the sidebar, click the API menu, then click the + CREATE API button:
Name the API and pick any identifier you like. The best practice is to use the URL of your API as the identifier, as shown below:
Click the CREATE button.