Set up your Identity Provider

Auth service works with an identity provider to authenticate users. Before setting up the Auth service, you need to set up an identity provider. In this tutorial, we'll use Auth0 as an example of an identity provider.

Here is a diagram to explain the flow of the authentication process.

```mermaid
sequenceDiagram
    participant App
    participant TailorPF
    participant IDP
    App->>IDP: Sign up request.
    IDP->>App: Callback with authorization code.
    App->>TailorPF: Request access token with the code.
    TailorPF->>IDP: Send the code to validate the token.
    IDP->>TailorPF: Validate the code and send a result with username(email).
    TailorPF->>App: Issue access token and send it to the App.
```

  • Complete Quickstart first if you haven't yet built the Inventory-tracker app from our templates.
  • See Core concepts to get an overview of Workspace, Organization, Application and Service.

Tutorial steps

  1. Setting up Auth0
  2. Setting up Auth service
  3. Apply the change using tailorctl

1. Setting up Auth0

If you don't have an Auth0 account, sign up for a free account at Auth0. After creating an account, you can locate your application's domain, client ID and client secret in the Application settings.

Add http://tailorctl.tailor.tech:8086/callback to Allowed Callback URLs in the Application URIs section of the settings.

Now, we are ready to set up the Auth service.

2. Setting up Auth service

You can locate the auth.cue file in the services/auth directory within your application. This file contains the configuration for the Auth service.

```cue
package auth

import (
	"github.com/tailor-platform/tailorctl/schema/v2/auth"
	"github.com/tailor-platform/tailorctl/schema/v2/secretmanager"
	"tailor.build/inventory-tracker/manifest:manifest"
	"tailor.build/inventory-tracker/manifest/services/tailordb"
	tailordbType "tailor.build/inventory-tracker/manifest/services/tailordb/type"
)

auth.#Spec & {
	Namespace: manifest.#app.namespace
	IdProviderConfigs: [
		auth.#IDProviderConfig & {
			Name: "inventory-tracker-auth"
			Config: auth.#OIDC & {
				ClientID: "<oidc-client-id>"
				ClientSecret: secretmanager.#SecretValue & {
					VaultName: "<vault-name>"
					SecretKey: "<client-secret-key>"
				}
				ProviderURL: "https://YOUR-AUTH0-DOMAIN.us.auth0.com"
			}
		},
	]
	UserProfileProvider: auth.#UserProfileProviderType.TailorDB
	UserProfileProviderConfig: auth.#TailorDBProviderConfig & {
		Namespace:     tailordb.Namespace
		Type:          tailordbType.User.Name
		UsernameField: "email"
		AttributesFields: ["userAttributes"]
	}
}
```

Replace the ClientID and ProviderURL with your Auth0 values. Also, you need to store your ClientSecret in the secret manager.

To store the secret, you need to create a vault and a key in the secret manager.

Run the following command to create a vault.

```sh
tailorctl workspace vault create --name ${vault-name}
```

Your vault name can only contain lowercase letters (a-z), numbers (0-9), and hyphens (-). It must start and end with a letter or number and be between 2 and 62 characters long.

Run the following command to store the secret with a key in the vault.

```sh
tailorctl workspace vault secret create --vault ${vault-name} --name ${key} --value ${client-secret}
```
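
The vault and secret steps above, wrapped as an added example (not part of the original tutorial or of tailorctl): it enforces the vault-name rule before calling tailorctl and reads the client secret from a no-echo prompt so it stays out of shell history. The function names, variable names and prompt text are assumptions; the tailorctl subcommands and flags are the ones shown on this page.

```shell
#!/bin/sh
# Added example: wrapper around the two tailorctl vault commands from this page.
# Function and variable names are illustrative assumptions.

# Return 0 only if $1 satisfies the vault-name rule stated on this page:
# lowercase a-z, 0-9 and '-', starts and ends with a letter or digit, 2..62 chars.
valid_vault_name() {
    case $1 in
        *[!abcdefghijklmnopqrstuvwxyz0123456789-]*) return 1 ;;  # disallowed character
        -*|*-) return 1 ;;                                       # leading/trailing hyphen
    esac
    [ "${#1}" -ge 2 ] && [ "${#1}" -le 62 ]
}

# Prompt for the client secret with terminal echo off, then create the vault
# and store the secret. Usage: store_client_secret <vault-name> <key>
store_client_secret() {
    sc_vault=$1 sc_key=$2
    if ! valid_vault_name "$sc_vault"; then
        echo "invalid vault name: $sc_vault" >&2
        return 2
    fi
    [ -n "$sc_key" ] || { echo "missing secret key name" >&2; return 2; }

    printf 'Auth0 client secret: ' >&2
    if [ -t 0 ]; then
        stty -echo               # do not show the secret while it is typed
        IFS= read -r sc_secret
        stty echo
        echo >&2
    else
        IFS= read -r sc_secret   # piped input, e.g. from a password manager CLI
    fi
    [ -n "$sc_secret" ] || { echo "empty secret, nothing stored" >&2; return 3; }

    tailorctl workspace vault create --name "$sc_vault" &&
    tailorctl workspace vault secret create \
        --vault "$sc_vault" --name "$sc_key" --value "$sc_secret"
    sc_rc=$?
    unset sc_secret              # drop the secret from the shell environment
    return "$sc_rc"
}
```

The secret is still handed to tailorctl through `--value`, so it is visible in the process list while the command runs; the prompt only keeps it out of shell history and terminal scrollback.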

3. Apply the change using tailorctl

Generate a new workspace CUE file and apply the Auth changes.

```sh
cue eval -f manifest/workspace.cue -o generated/workspace.cue
tailorctl workspace apply -m generated/workspace.cue
```

You can now use your Auth service to manage access to resources.
