Configure Auth0 for Dynamic Client Registration
- Enterprise Konnect account.
- An Auth0 account
To use dynamic client registration (DCR) with Auth0 as the identity provider (IdP), there are two important configurations to prepare in Auth0. First, you must authorize an Auth0 application so Konnect can use the Auth0 Management API on your behalf. Next, you will create an API audience that Konnect applications will be granted access to.
To get started configuring Auth0, log in to your Auth0 dashboard and complete the following:
Configure access to the Auth0 Management API
Konnect will use a client ID and secret from an Auth0 application that has been authorized to perform specific actions in the Auth0 Management API.
From the sidebar, select Applications > Applications
Click the Create Application button
Give the application a memorable name, like “Konnect Portal DCR Admin”
Select the application type Machine to Machine Applications and click create
Authorize the application to access the Auth0 Management API by selecting it from the dropdown. It will have a URL of the pattern
- In the Permissions section, ensure you have selected the following permissions to be granted and click authorize:
- On the application’s page, visit the Settings tab and note where you can view the values for Client ID and Client Secret, which you will use in a later step.
Configure the API audience
Note: You can use an existing API entity if there is one already defined in Auth0 that represents the audience you are/will be serving with Konnect Portal applications. In most cases, it is a good idea to create a new API that is specific to your Konnect Portal applications.
To create a new API audience:
From the sidebar, select Applications > APIs
Click the Create API button
Give the API a memorable name, like “Konnect Portal Applications”
Set the identifier to a value that represents the audience the API is serving
Note the identifier value used above, which is also known as the audience, as it will be used as the Client Token Audience value in Konnect
Configure the Dev Portal
Once you have Auth0 configured, you can set up the Dev Portal to use Auth0 for dynamic client registration (DCR).
Sign in to Konnect, then select Dev Portal from the menu.
Click Settings to open the Dev Portal settings.
Click the Application Setup tab to open the DCR settings for your Dev Portal.
Select Auth0 as the external identity provider.
Enter the Issuer for your Auth0 tenant, it will look something like
Note: You can find the value for your
AUTH0_TENANT_SUBDOMAINby visiting Settings from the Auth0 sidebar and finding the Tenant Name in the General tab.
Enter the Client Token Audience as the identifier value you set when configuring the API entity above
openidinto the Scopes field
azpinto the Consumer Claims field, which will match the client ID of each Auth0 application
Enter the Client ID from the admin application created in Auth0 above into the Initial Client ID field.
Enter the Client secret from the admin application created in Auth0 above into the Initial Client Secret field.
If you previously configured any DCR settings, this will overwrite them.
Create an application with DCR
From the My Apps page in the Dev Portal, follow these instructions:
Click New App.
Fill out the Create New Application form with your application name, redirect URI, and a description.
Click Create to save your application.
After your application is created, you will see the Client ID and Client Secret. Store these values, they will only be shown once.
Click Proceed to continue to the application’s details page.
Make a successful request
In the previous steps, you obtained the Client ID and Client Secret. To authorize the request, you must attach this client secret pair in the header. You can do this by using any API product, such as Insomnia, or directly using the command line:
curl example.com/REGISTERED_ROUTE -H "Authorization: Basic CLIENT_ID:CLIENT_SECRET"
example.com is the address of the runtime instance you are running.