When we build an application for internal use, or one that should be accessible only to certain people rather than everyone on the internet, we have to develop a solution for its authentication and authorisation. What if we had a tool that solves exactly this purpose and is very easy to use and implement? Here I am talking about Auth0, a flexible, drop-in solution for adding authentication and authorisation services to your applications. Using it, our organisation can avoid the cost, time, and risk that come with building our own solution to authenticate and authorise users. And as the tagline says: Secure Access for Anyone, not Just Anyone.
Creating an Auth0 API:
When you first sign up for Auth0 and create an account, a system API named Auth0 Management API is automatically created with a set of attached permissions. It is meant to be used by back-end servers or trusted parties performing administrative tasks. Generally speaking, anything that can be done through the Auth0 dashboard (and more) can also be done through this API.
But we also have our own custom APIs that the application uses, so we will add those here. The APIs are found under the Applications section of the dashboard. Add a custom API by clicking the Create API button, give the API a name and a valid Identifier, and click Create API. Click the API you have just created and navigate to its Permissions section. Here comes the most important part: defining the API's permissions according to our requirements. Enter the permission scope and its description and click ADD, and the permission is added to the API. You can also test the API by going to the Test section, where you will find a curl request that returns a response when you run the command in the terminal.
Now that we are all set with the APIs, we can create a Role, add these permissions to it, and add Users to that Role.
Create an Auth0 Role:
You can find Auth0 Roles in the User Management section. To create a new role, click the Create Role button and enter the role name and its description.
A Role gets all its value from the permissions attached to it. To give a user a set of permissions, we group those permissions and add them to a role, which is the sole purpose of a role. To attach permissions to a role, click the role you have created, navigate to its Permissions section, click the Add Permissions button, select the API and the permissions belonging to that API, and click Add Permissions. Creating your first role was that simple.
Creating an Auth0 User:
To create an Auth0 User, navigate to the User Management section in the toolbar on the left and click the Users section inside it. There you will see a Create New User button; clicking it asks you to fill in the details, which include the Email id, the Password and a Connection (the Database connection) that the user will use. When we log in to Auth0 it creates a default database connection, which we can use, or we can add our own custom database connection there. Press the Create button and you have successfully created your Auth0 User.
Click the user you have just created and navigate to its Roles section. Currently no Roles are attached to this particular user. This can be done manually by clicking the Assign Roles button and assigning the particular role, or dynamically with the help of Rules, a link to which is given in the Reference section of this blog. For now let's attach the Role manually.
In this way you have created a fully authenticated login system in which a User having only specific permissions (which we have assigned through Roles) will be able to access a particular service of your application. Although we have set all of this up manually, we can do it dynamically as well using Rules, for which you can refer to the link provided in the Reference section.
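The permissions defined on the API (and grouped into Roles) only protect anything if the application's back end checks them on every request. As an added example, not code from the original post or from Auth0, here is what that check looks like for the access token the Test section's curl request obtains: verify the signature, then confirm the token was issued by our tenant, is meant for our API Identifier (the `aud` claim), is unexpired, and carries the permission the endpoint needs. The issuer, audience, secret and claims are constructed placeholders. Auth0 signs API access tokens with RS256 and they are verified against the tenant's JWKS; the HS256 stand-in here exists only so the example runs offline, and the `permissions` claim is the one Auth0 can include in the access token when RBAC is turned on for the API.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed placeholders standing in for a tenant's issuer URL and the
# Identifier entered on the Create API screen (expected in the token's "aud").
ISSUER = "https://example-tenant.auth0.com/"
AUDIENCE = "https://orders.example.internal"
# HS256 test secret so the example runs offline; real Auth0 access tokens are
# RS256 and are verified with the public keys from the tenant's JWKS endpoint.
TEST_SECRET = b"constructed-test-secret-not-a-real-key"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_test_token(claims: dict, secret: bytes = TEST_SECRET) -> str:
    """Build a constructed HS256 JWT for testing (stand-in for an Auth0 token)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"


def decode_and_verify(token: str, secret: bytes = TEST_SECRET) -> dict:
    """Check the signature first; only a verified token's claims are trusted."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header = json.loads(_b64url_decode(parts[0]))
    # Pin the algorithm: never let the token choose (rejects "none" and others).
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{parts[0]}.{parts[1]}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(parts[2])):
        raise ValueError("bad signature")
    return json.loads(_b64url_decode(parts[1]))


def authorize(claims: dict, required_permission: str, now=None,
              issuer: str = ISSUER, audience: str = AUDIENCE) -> bool:
    """True only if the token is from our tenant, for our API, unexpired,
    and carries the permission (the scope defined on the API) this endpoint needs."""
    now = time.time() if now is None else now
    if claims.get("iss") != issuer:
        return False
    aud = claims.get("aud")
    aud_list = aud if isinstance(aud, list) else [aud]
    if audience not in aud_list:
        return False
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        return False
    permissions = claims.get("permissions")
    return isinstance(permissions, list) and required_permission in permissions


def handle_request(token: str, required_permission: str, now=None) -> int:
    """Per-request flow of a resource server: 401 if unverifiable, 403 if verified
    but lacking the permission, 200 otherwise."""
    try:
        claims = decode_and_verify(token)
    except ValueError:
        return 401
    return 200 if authorize(claims, required_permission, now) else 403


if __name__ == "__main__":
    now = int(time.time())
    token = mint_test_token({"iss": ISSUER, "aud": AUDIENCE, "exp": now + 600,
                             "permissions": ["read:orders"]})
    print(handle_request(token, "read:orders", now))   # 200
    print(handle_request(token, "write:orders", now))  # 403
```

The order matters: the signature and algorithm are checked before any claim is read, so a token that merely claims the right `permissions` but was not signed by the tenant never reaches the permission check. Keeping the role-to-permission mapping in Auth0 and checking only the resulting `permissions` claim here is what lets you change a user's access by editing their Roles in the dashboard without redeploying the API.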
Link you can refer to for the Auth0 documentation: https://auth0.com/docs/
Link to refer to for adding Roles dynamically using Rules: https://blog.knoldus.com/set-roles-to-user-in-auth0-using-rules/