Setup your Identity Provider
Auth service works with an identity provider to authenticate users. Before setting up the Auth service, you need to set up an identity provider. In this tutorial, we'll use Auth0 as an example of an identity provider.
Here is a diagram to explain the flow of the authentication process.
- Complete Quickstart first If you haven't yet built the Inventory-tracker app from our templates.
- See Core concepts to get an overview of Workspace, Organization, Application and Service.
Tutorial steps
- Setting up Auth0
- Setting up Auth service
- Apply the change using
tailorctl
1. Setting up Auth0
If you don't have an Auth0 account, sign up for a free account at Auth0. After creating an account, you can locate your application's domain, client ID and client secret in the Application settings.
Add http://tailorctl.tailor.tech:8086/callback
to Allowed Callback URLs
in the Application URIs
section of the settings.
Now, we are ready to set up the Auth service.
2. Setting up Auth service
You can locate auth.cue
file in the services/auth
directory within your application.
This file contains the configuration for the Auth service.
<span><span style="color: var(--shiki-token-keyword)">package</span><span style="color: var(--shiki-color-text)"> auth</span></span>
<span></span>
<span><span style="color: var(--shiki-token-keyword)">import</span><span style="color: var(--shiki-color-text)"> (</span></span>
<span><span style="color: var(--shiki-color-text)"> </span><span style="color: var(--shiki-color-text)">"</span><span style="color: var(--shiki-token-string-expression)">github.com/tailor-platform/tailorctl/schema/v2/auth</span><span style="color: var(--shiki-color-text)">"</span></span>
<span><span style="color: var(--shiki-color-text)"> </span><span style="color: var(--shiki-color-text)">"</span><span style="color: var(--shiki-token-string-expression)">github.com/tailor-platform/tailorctl/schema/v2/secretmanager</span><span style="color: var(--shiki-color-text)">"</span></span>
<span><span style="color: var(--shiki-color-text)"> </span><span style="color: var(--shiki-color-text)">"</span><span style="color: var(--shiki-token-string-expression)">tailor.build/inventory-tracker/manifest</span><span style="color: var(--shiki-color-text)">:manifest</span><span style="color: var(--shiki-color-text)">"</span></span>
<span><span style="color: var(--shiki-color-text)"> </span><span style="color: var(--shiki-color-text)">"</span><span style="color: var(--shiki-token-string-expression)">tailor.build/inventory-tracker/manifest/services/tailordb</span><span style="color: var(--shiki-color-text)">"</span></span>
<span><span style="color: var(--shiki-color-text)"> tailordbType </span><span style="color: var(--shiki-color-text)">"</span><span style="color: var(--shiki-token-string-expression)">tailor.build/inventory-tracker/manifest/services/tailordb/type</span><span style="color: var(--shiki-color-text)">"</span></span>
<span><span style="color: var(--shiki-color-text)">)</span></span>
<span></span>
<span><span style="color: var(--shiki-color-text)">auth.#Spec </span><span style="color: var(--shiki-token-keyword)">&</span><span style="color: var(--shiki-color-text)"> {</span></span>
<span><span style="color: var(--shiki-color-text)"> Namespace: manifest.#app.namespace</span></span>
<span><span style="color: var(--shiki-color-text)"> IdProviderConfigs: [</span></span>
<span><span style="color: var(--shiki-color-text)"> auth.#IDProviderConfig </span><span style="color: var(--shiki-token-keyword)">&</span><span style="color: var(--shiki-color-text)"> {</span></span>
<span><span style="color: var(--shiki-color-text)"> Name: </span><span style="color: var(--shiki-color-text)">"</span><span style="color: var(--shiki-token-string-expression)">inventory-tracker-auth</span><span style="color: var(--shiki-color-text)">"</span></span>
<span><span style="color: var(--shiki-color-text)"> Config: auth.#OIDC </span><span style="color: var(--shiki-token-keyword)">&</span><span style="color: var(--shiki-color-text)"> {</span></span>
<span><span style="color: var(--shiki-color-text)"> ClientID: </span><span style="color: var(--shiki-color-text)">"</span><span style="color: var(--shiki-token-string-expression)"><oidc-client-id></span><span style="color: var(--shiki-color-text)">"</span></span>
<span><span style="color: var(--shiki-color-text)"> ClientSecret: secretmanager.#SecretValue </span><span style="color: var(--shiki-token-keyword)">&</span><span style="color: var(--shiki-color-text)"> {</span></span>
<span><span style="color: var(--shiki-color-text)"> VaultName: </span><span style="color: var(--shiki-color-text)">"</span><span style="color: var(--shiki-token-string-expression)"><vault-name></span><span style="color: var(--shiki-color-text)">"</span></span>
<span><span style="color: var(--shiki-color-text)"> SecretKey: </span><span style="color: var(--shiki-color-text)">"</span><span style="color: var(--shiki-token-string-expression)"><client-secret-key></span><span style="color: var(--shiki-color-text)">"</span></span>
<span><span style="color: var(--shiki-color-text)"> }</span></span>
<span><span style="color: var(--shiki-color-text)"> ProviderURL: </span><span style="color: var(--shiki-color-text)">"</span><span style="color: var(--shiki-token-string-expression)">https://YOUR-AUTH0-DOMAIN.us.auth0.com</span><span style="color: var(--shiki-color-text)">"</span></span>
<span><span style="color: var(--shiki-color-text)"> }</span></span>
<span><span style="color: var(--shiki-color-text)"> }</span><span style="color: var(--shiki-token-punctuation)">,</span></span>
<span><span style="color: var(--shiki-color-text)"> ]</span></span>
<span><span style="color: var(--shiki-color-text)"> UserProfileProvider: auth.#UserProfileProviderType.TailorDB</span></span>
<span><span style="color: var(--shiki-color-text)"> UserProfileProviderConfig: auth.#TailorDBProviderConfig </span><span style="color: var(--shiki-token-keyword)">&</span><span style="color: var(--shiki-color-text)"> {</span></span>
<span><span style="color: var(--shiki-color-text)"> Namespace: tailordb.Namespace</span></span>
<span><span style="color: var(--shiki-color-text)"> Type: tailordbType.User.Name</span></span>
<span><span style="color: var(--shiki-color-text)"> UsernameField: </span><span style="color: var(--shiki-color-text)">"</span><span style="color: var(--shiki-token-string-expression)">email</span><span style="color: var(--shiki-color-text)">"</span></span>
<span><span style="color: var(--shiki-color-text)"> AttributesFields: [</span><span style="color: var(--shiki-color-text)">"</span><span style="color: var(--shiki-token-string-expression)">userAttributes</span><span style="color: var(--shiki-color-text)">"</span><span style="color: var(--shiki-color-text)">]</span></span>
<span><span style="color: var(--shiki-color-text)"> }</span></span>
<span><span style="color: var(--shiki-color-text)">}</span></span>
<span></span>
Replace the ClientID
and ProviderURL
with your Auth0 values.
Also, you need to store your ClientSecret
in the secret manager.
To store the secret, you need to create a vault and a key in the secret manager.
Run the following command to create a vault.
<span><span style="color: var(--shiki-token-function)">tailorctl</span><span style="color: var(--shiki-color-text)"> </span><span style="color: var(--shiki-token-string)">workspace</span><span style="color: var(--shiki-color-text)"> </span><span style="color: var(--shiki-token-string)">vault</span><span style="color: var(--shiki-color-text)"> </span><span style="color: var(--shiki-token-string)">create</span><span style="color: var(--shiki-color-text)"> </span><span style="color: var(--shiki-token-string)">--name</span><span style="color: var(--shiki-color-text)"> ${vault-name}</span></span>
<span></span>
Your vault name can only contain lowercase letters (a-z), numbers (0-9), and hyphens (-). It must start and end with a letter or number and be between 2 and 62 characters long.
Run the following command to store the secret with a key in the vault.
<span><span style="color: var(--shiki-token-function)">tailorctl</span><span style="color: var(--shiki-color-text)"> </span><span style="color: var(--shiki-token-string)">workspace</span><span style="color: var(--shiki-color-text)"> </span><span style="color: var(--shiki-token-string)">vault</span><span style="color: var(--shiki-color-text)"> </span><span style="color: var(--shiki-token-string)">secret</span><span style="color: var(--shiki-color-text)"> </span><span style="color: var(--shiki-token-string)">create</span><span style="color: var(--shiki-color-text)"> </span><span style="color: var(--shiki-token-string)">--vault</span><span style="color: var(--shiki-color-text)"> ${vault-name} </span><span style="color: var(--shiki-token-string)">--name</span><span style="color: var(--shiki-color-text)"> ${key} </span><span style="color: var(--shiki-token-string)">--value</span><span style="color: var(--shiki-color-text)"> ${client-secret}</span></span>
<span></span>
3. Apply the change using tailorctl
Generate new workspace CUE file and apply the Auth changes.
<span><span style="color: var(--shiki-token-function)">cue</span><span style="color: var(--shiki-color-text)"> </span><span style="color: var(--shiki-token-string)">eval</span><span style="color: var(--shiki-color-text)"> </span><span style="color: var(--shiki-token-string)">-f</span><span style="color: var(--shiki-color-text)"> </span><span style="color: var(--shiki-token-string)">manifest/workspace.cue</span><span style="color: var(--shiki-color-text)"> </span><span style="color: var(--shiki-token-string)">-o</span><span style="color: var(--shiki-color-text)"> </span><span style="color: var(--shiki-token-string)">generated/workspace.cue</span></span>
<span><span style="color: var(--shiki-token-function)">tailorctl</span><span style="color: var(--shiki-color-text)"> </span><span style="color: var(--shiki-token-string)">workspace</span><span style="color: var(--shiki-color-text)"> </span><span style="color: var(--shiki-token-string)">apply</span><span style="color: var(--shiki-color-text)"> </span><span style="color: var(--shiki-token-string)">-m</span><span style="color: var(--shiki-color-text)"> </span><span style="color: var(--shiki-token-string)">generated/workspace.cue</span></span>
<span></span>
You can now use your Auth service to manage access to resources.
Learn more
- In the Create user tutorial, we explain how to create users in your application.