Apache

System Requirements

This tutorial and seed project have been tested with the following:

  • Apache 2.4

Please follow the steps below to configure your Apache application to work with Auth0 and OpenID Connect.

Install and Enable mod_auth_openidc Module

First, you need to install the mod_auth_openidc module for Apache.

You can get the binaries from GitHub and install them for your OS. If your OS isn't compatible with any of the binaries, you can still build it from source.

Once you've installed it, you just need to enable it for Apache. (If you are using Windows, you can use this to get a2enmod working on your system.)

a2enmod auth_openidc

Configure the Module with your Auth0 Account Information

Now you should get a new configuration file under the /etc/apache2/mods-available folder, where Apache modules are normally installed (on Windows, you need to use the /apache/conf/httpd.conf file).

In there, you must add the following configuration for the mod_auth_openidc module:

OIDCProviderIssuer https://YOUR_AUTH0_DOMAIN
OIDCProviderAuthorizationEndpoint https://YOUR_AUTH0_DOMAIN/authorize
OIDCProviderTokenEndpoint https://YOUR_AUTH0_DOMAIN/oauth/token
OIDCProviderTokenEndpointAuth client_secret_post
OIDCProviderUserInfoEndpoint https://YOUR_AUTH0_DOMAIN/userinfo

OIDCClientID YOUR_CLIENT_ID
OIDCClientSecret YOUR_CLIENT_SECRET
OIDCProviderJwksUri https://YOUR_AUTH0_DOMAIN/.well-known/jwks.json

OIDCScope "openid name email"
OIDCRedirectURI https://your_apache_server/your_path/redirect_uri/
OIDCCryptoPassphrase <passwordToEncryptTheSessionInformationOnTheCookie>
OIDCCookiePath /your_path/

SSLEngine on
SSLCertificateFile /home/your_cert.crt
SSLCertificateKeyFile /home/your_key.key

<Location /your_path/>
   AuthType openid-connect
   Require valid-user
   # debug output is for troubleshooting the setup; lower it afterwards
   LogLevel debug
</Location>

Configuring Auth0 Settings

In your application settings, add a new allowed callback that is equal to OIDCRedirectURI.

Now, go to the OAuth section in the advanced settings and change the JsonWebToken Signature Algorithm to RS256.

Authorization

You can configure Apache to protect a certain location based on an attribute of the user. Here is an example:

<Location /example/>
   AuthType openid-connect
   #Require valid-user
   Require claim folder:example
</Location>

<Location /example2>
   AuthType openid-connect
   #Require valid-user
   Require claim folder:example2
</Location>

Then you can write a rule in Auth0 that would return the folder attribute:

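function(user, context, callback) {
    // somecondition() stands in for your own check.
    if (somecondition()) {
       user.folder = 'example2';
    } else {
       user.folder = 'example';
    }
    // Return the updated user to the rules pipeline.
    callback(null, user, context);
}

Or you could even use an array of folders, and the Apache module will check whether the array contains any of these values: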

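function(user, context, callback) {
    // The claim is named "folders" here, so the matching Apache directive
    // is "Require claim folders:<value>".
    user.folders = [];
    if (somecondition()) {
       user.folders.push('example2');
    }

    user.folders.push('example');
    // Return the updated user to the rules pipeline.
    callback(null, user, context);
}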
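
The following added example (not part of the original tutorial and not mod_auth_openidc code) models the per-location claim check described above, so you can see which paths a given set of claims can reach before deploying a rule. The names APACHE_CONF, parseRequirements, isAllowed and reachable are hypothetical, and the matching is a simplified assumption: a string claim must equal the value, an array claim must contain it.

```javascript
// Constructed sample: the two <Location> blocks from the Authorization section.
const APACHE_CONF = `
<Location /example/>
   AuthType openid-connect
   #Require valid-user
   Require claim folder:example
</Location>
<Location /example2>
   AuthType openid-connect
   Require claim folder:example2
</Location>`;

// Collect the "Require claim name:value" lines of each <Location> path.
function parseRequirements(conf) {
  const rules = {};
  let current = null;
  for (const raw of conf.split('\n')) {
    const line = raw.trim();
    if (line.startsWith('#')) continue; // commented-out directives are ignored
    const open = line.match(/^<Location\s+(\S+)>$/);
    if (open) { current = open[1]; rules[current] = []; continue; }
    if (line === '</Location>') { current = null; continue; }
    const req = line.match(/^Require\s+claim\s+([^:\s]+):(\S+)$/);
    if (req && current) rules[current].push({ name: req[1], value: req[2] });
  }
  return rules;
}

// Simplified model (assumption): string claims must equal the value, array
// claims must contain it. Several Require lines in one block are ORed.
function isAllowed(requirements, claims) {
  return requirements.some(({ name, value }) => {
    const claim = claims[name];
    return Array.isArray(claim) ? claim.includes(value) : claim === value;
  });
}

// Paths that a given set of ID-token claims can reach under the config.
function reachable(conf, claims) {
  const rules = parseRequirements(conf);
  return Object.keys(rules).filter((path) => isAllowed(rules[path], claims));
}

console.log(reachable(APACHE_CONF, { folder: 'example' }));               // string claim
console.log(reachable(APACHE_CONF, { folder: ['example', 'example2'] })); // array claim
console.log(reachable(APACHE_CONF, { folders: ['example'] }));            // claim name mismatch
```

The last call shows the failure mode to watch for: a rule that emits folders while the Apache configuration requires folder grants no access at all.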