Set up your Identity Provider

Auth service works with an identity provider to authenticate users. Before setting up the Auth service, you need to set up an identity provider. In this tutorial, we'll use Auth0 as an example of an identity provider.

When OIDC authentication is configured with an IdP on the Tailor Platform, the following authorization flow is used to obtain an access token.

Because the authentication flow with the IdP (the part enclosed in the blue square in the diagram) is separated from the client, the client can execute the authorization flow with TailorPF without being aware of the IdP's existence. When SAML authentication is configured with an IdP instead, that part is replaced with the SAML authentication flow.

Prerequisite

  • Complete the Quickstart first if you haven't yet built the Inventory Management System app from our template.
  • See Core concepts to get an overview of Workspace, Organization, Application and Service.

Before configuring the Auth service for authentication, you need to set up an identity provider.

In this tutorial, we'll use Auth0 as an example of an identity provider. If you don't have an Auth0 account, sign up for a free account at Auth0.

After creating the account, configure Auth0 with your preferred authentication protocol, as outlined below, to register your IdP with the Auth service.

  1. Setting up IdP for OIDC
  2. Setting up IdP for SAML
  3. Setting up IdP for ID Token

1. Setting up IdP for OIDC

In the Auth0 Dashboard, locate your application's domain, client ID, and client secret in the Application settings.

[Screenshot: Set up identity provider]

Add http://tailorctl.tailor.tech:8086/callback to Allowed Callback URLs in the Application URIs section of the settings.

[Screenshot: Set up identity provider]
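The callback URL registered above is compared by the IdP as an exact string (scheme, host, port and path), and the relying party side of the flow needs the same allowlist plus a per-request state value to tie the callback back to the login it started. The following Python is an added illustration of that relying-party side, not code from the Tailor Platform or Auth0; the tenant domain and client ID are placeholders, and the authorize endpoint and parameters are the standard Auth0 `/authorize` ones.

```python
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Values from the Auth0 Application settings (placeholders; substitute your own tenant values).
AUTH0_DOMAIN = "YOUR_TENANT.auth0.com"
CLIENT_ID = "YOUR_CLIENT_ID"

# The callback registered under Allowed Callback URLs in the step above.
CALLBACK_URL = "http://tailorctl.tailor.tech:8086/callback"
ALLOWED_CALLBACK_URLS = frozenset({CALLBACK_URL})


def redirect_uri_allowed(redirect_uri: str, allowed=ALLOWED_CALLBACK_URLS) -> bool:
    """Exact-string allowlist check: scheme, host, port and path must all match.

    This mirrors the matching applied to Allowed Callback URLs, which is why a
    missing port or an extra trailing slash makes the authorization request fail.
    """
    return redirect_uri in allowed


def new_state() -> str:
    """Per-request CSRF token; the relying party stores it in the browser session."""
    return secrets.token_urlsafe(32)


def build_authorize_url(state: str, redirect_uri: str = CALLBACK_URL) -> str:
    """Authorization request that starts the code flow at https://{domain}/authorize."""
    if not redirect_uri_allowed(redirect_uri):
        raise ValueError(f"redirect_uri not registered: {redirect_uri}")
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": redirect_uri,
        "scope": "openid profile email",
        "state": state,
    }
    return f"https://{AUTH0_DOMAIN}/authorize?{urlencode(params)}"


def parse_callback(callback_url: str, expected_state: str) -> str:
    """Validate the redirect back to CALLBACK_URL and return the authorization code."""
    parsed = urlparse(callback_url)
    base = f"{parsed.scheme}://{parsed.netloc}{parsed.path}"
    if not redirect_uri_allowed(base):
        raise ValueError(f"callback arrived at an unregistered URL: {base}")
    query = parse_qs(parsed.query)
    if "error" in query:
        raise ValueError(f"IdP returned error: {query['error'][0]}")
    received_state = query.get("state", [""])[0]
    if not secrets.compare_digest(received_state, expected_state):
        raise ValueError("state mismatch: possible CSRF or stale login attempt")
    code = query.get("code", [""])[0]
    if not code:
        raise ValueError("no authorization code in callback")
    return code


if __name__ == "__main__":
    state = new_state()
    print(build_authorize_url(state))
    # Constructed callback, as the browser would be redirected after login:
    print(parse_callback(f"{CALLBACK_URL}?code=CONSTRUCTED_CODE&state={state}", state))
```

The returned code is then exchanged server-side at `https://{domain}/oauth/token` together with the client secret; the browser never sees the secret, which is the reason the secret is only gathered here and not embedded in anything the client runs.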

2. Setting up IdP for SAML

In the Auth0 Dashboard, navigate to Applications and select your application. Select the Addons tab and enable SAML2 WEB APP.

[Screenshot: Set up identity provider (SAML)]

After enabling the SAML2 WEB APP, click the addon, select the Settings tab, and enter http://tailorctl.tailor.tech:8086/callback in the Application Callback URL field.

Enter the following settings in the Settings section. Here, an email address is used as the user identifier; you can update the settings to use a different identifier. Scroll to the bottom of the tab and save the settings.

```json
{
  "nameIdentifierFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
  "nameIdentifierProbes": [
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
  ]
}
```

[Screenshot: Set up identity provider]
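The two keys above shape the `<saml:NameID>` element the service provider reads: `nameIdentifierFormat` sets its `Format` attribute, and `nameIdentifierProbes` names the attribute whose value populates it. The following Python is an added example (not code from Tailor or Auth0) of what a service provider does with that element: it pulls the NameID out of an assertion, refuses a NameID whose format is not the one configured, and checks that the value agrees with the probed email attribute. The assertion is a constructed sample reduced to the elements used here.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# The two values configured in the SAML2 WEB APP addon above.
EMAIL_NAMEID_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"

# Constructed sample assertion (not captured from Auth0), reduced to the elements used here.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed" Version="2.0">
  <saml:Issuer>urn:YOUR_TENANT.auth0.com</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.com</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
      <saml:AttributeValue>alice@example.com</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def extract_user_identifier(assertion_xml: str, expected_format: str = EMAIL_NAMEID_FORMAT) -> str:
    """Return the NameID value, insisting on the configured NameID format.

    The stdlib parser is used on a constructed string; a real service provider
    verifies the XML signature over the assertion (and parses with defusedxml)
    before trusting any value it contains.
    """
    root = ET.fromstring(assertion_xml)
    name_id = root.find("saml:Subject/saml:NameID", SAML_NS)
    if name_id is None or not (name_id.text or "").strip():
        raise ValueError("assertion carries no NameID")
    # SAML 2.0 treats a missing Format as 'unspecified'.
    fmt = name_id.get("Format", "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified")
    if fmt != expected_format:
        raise ValueError(f"NameID format {fmt!r} does not match configured {expected_format!r}")
    return name_id.text.strip()


def email_attribute(assertion_xml: str):
    """Return the value of the probed email attribute, or None if absent."""
    root = ET.fromstring(assertion_xml)
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", SAML_NS):
        if attr.get("Name") == EMAIL_CLAIM:
            value = attr.find("saml:AttributeValue", SAML_NS)
            if value is not None and value.text:
                return value.text.strip()
    return None


def identifier_matches_probe(assertion_xml: str) -> bool:
    """True when the NameID carries the value the configured probe attribute holds."""
    return extract_user_identifier(assertion_xml) == email_attribute(assertion_xml)


if __name__ == "__main__":
    print(extract_user_identifier(SAMPLE_ASSERTION))
    print(identifier_matches_probe(SAMPLE_ASSERTION))
```

If you switch the identifier to something other than email (for example a persistent ID), change `expected_format` and `EMAIL_CLAIM` together; a format mismatch is rejected rather than silently mapped to a different user.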

3. Setting up IdP for ID Token

In the Auth0 Dashboard, locate your application's domain, client ID and client secret in the Application settings.

[Screenshot: Set up identity provider (ID token)]

Add http://tailorctl.tailor.tech:8086/callback to Allowed Callback URLs in the Application URIs section of the settings.

[Screenshot: Set up identity provider (ID token)]

(Optional) The steps below enable the Password grant type so that ID tokens can be obtained easily with a username and password. They are not required for the OIDC or SAML setups above.

  1. Configure tenant

In the Auth0 dashboard, select Settings from the navigation and locate API Authorization Settings in the General tab. Scroll down to locate the Default Directory setting and enter Username-Password-Authentication.

[Screenshot: Set up identity provider (ID token)]

  2. Update Grant Types

Select your application from the Applications section, then navigate to the Settings tab, and scroll down to find Advanced Settings.

In the Advanced Settings, navigate to the Grant Types tab and check the box next to Password to enable the Password grant type.

[Screenshot: Set up identity provider (ID token)]

Next, copy your API Identifier by selecting APIs under Applications from the navigation menu.

[Screenshot: Set up identity provider (ID token)]
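With the Default Directory, the Password grant type and the API Identifier in place, a client obtains an ID token by posting the user's credentials to the tenant's `/oauth/token` endpoint, and must then verify the token before trusting anything in it. The Python below is an added example, not code from Tailor or Auth0, of both halves: it builds that request (domain, client ID, client secret and API Identifier are placeholders) and verifies an ID token's signature, issuer, audience and expiry. One assumption is deliberate: the token is verified as HS256 with the client secret so the example runs offline with the standard library; Auth0 applications default to RS256, where the same checks are done against the tenant's JWKS with a JWT library. The Password grant hands the user's password to the client, which is why it suits trusted first-party tooling like this tutorial rather than third-party apps.

```python
import base64
import hashlib
import hmac
import json
import time
from urllib.parse import urlencode

# Placeholders for the values gathered in this section; substitute your own.
AUTH0_DOMAIN = "YOUR_TENANT.auth0.com"
CLIENT_ID = "YOUR_CLIENT_ID"
CLIENT_SECRET = "YOUR_CLIENT_SECRET"
API_IDENTIFIER = "https://YOUR_API_IDENTIFIER"   # copied from Applications > APIs
ISSUER = f"https://{AUTH0_DOMAIN}/"               # Auth0 issues tokens with a trailing slash in iss


def password_grant_request(username: str, password: str):
    """Return (url, headers, form_body) for the Password grant at /oauth/token."""
    form = {
        "grant_type": "password",
        "username": username,
        "password": password,
        "audience": API_IDENTIFIER,   # the API Identifier copied above
        "scope": "openid",            # openid is what makes the response carry an id_token
        "client_id": CLIENT_ID,
        "client_secret": CLIENT_SECRET,
    }
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return f"https://{AUTH0_DOMAIN}/oauth/token", headers, urlencode(form)


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode("ascii")


def verify_id_token(token: str, secret: str, issuer: str = ISSUER,
                    audience: str = CLIENT_ID, now=None) -> dict:
    """Verify an HS256 ID token and its iss/aud/exp claims; return the claims on success."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed JWT")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":   # the verifier, not the token, decides the algorithm
        raise ValueError(f"unexpected alg {header.get('alg')!r}")
    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    expected = hmac.new(secret.encode("utf-8"), signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("signature verification failed")
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("iss") != issuer:
        raise ValueError(f"unexpected issuer {claims.get('iss')!r}")
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("token was not issued for this client")
    if float(claims.get("exp", 0)) <= (time.time() if now is None else now):
        raise ValueError("token expired")
    return claims


def make_sample_id_token(secret: str, claims: dict) -> str:
    """Constructed HS256 token for offline testing; mimics the shape of an id_token."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(secret.encode("utf-8"), f"{header}.{payload}".encode("ascii"), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


if __name__ == "__main__":
    url, headers, body = password_grant_request("alice@example.com", "CONSTRUCTED_PASSWORD")
    print(url, body)
    sample = make_sample_id_token(CLIENT_SECRET, {
        "iss": ISSUER, "aud": CLIENT_ID, "sub": "auth0|constructed",
        "exp": int(time.time()) + 3600,
    })
    print(verify_id_token(sample, CLIENT_SECRET))
```

The `now` parameter exists so expiry handling can be exercised deterministically; in production leave it unset. The Default Directory setting from step 1 is what lets the plain `password` grant above resolve the username against the Username-Password-Authentication connection without naming it in the request.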

Next steps

After configuring the IdP with your preferred authentication protocol, you are ready to register it with the Auth service.