Apache

Community maintained

This tutorial demonstrates how to use the Auth0 Apache SDK to add authentication and authorization to your web app. We recommend that you log in to follow this quickstart with examples configured for your account.

System Requirements

This tutorial and seed project have been tested with the following:

  • Apache 2.4

Please follow the steps below to configure your application using Apache to work with Auth0 and Open ID Connect.

Install and Enable mod_auth_openidc Module

First, you need to install the mod_auth_openidc module for Apache.

You can get the binaries from Github and install them for your OS. If your OS isn't compatible with any of the binaries, you can still build it from source

Once you've installed it, you just need to enable it for Apache (If you are using Windows, you can use this to get a2enmod working on your system)

a2enmod auth_openidc

Was this helpful?

/

Configure the Module with Your Auth0 Account Information

Now you should get a new configuration file under the /etc/apache2/mods-available folder, where Apache modules are normally installed (On Windows you need to use /apache/conf/httpd.conf file).

In there, you must add the following configuration for the mod_auth_openidc module

# mods-available/auth_openidc.conf

OIDCProviderMetadataURL https://{yourDomain}/.well-known/openid-configuration
OIDCClientID {yourClientId}
OIDCClientSecret 'YOUR_CLIENT_SECRET'

OIDCScope "openid name email"
OIDCRedirectURI https://your_apache_server/your_path/redirect_uri/
OIDCCryptoPassphrase <passwordToEncryptTheSessionInformationOnTheCookie>

<Location /your_path>
   AuthType openid-connect
   Require valid-user
   LogLevel debug
</Location>

Was this helpful?

/

Configuring Auth0 Settings

In your application settings add a new allowed callback which is equal to OIDCRedirectURI.

Now, go to OAuth section in advanced settings and change JsonWebToken Token Signature Algorithm to RS256.

Authorization

You can configure Apache to protect a certain location based on an attribute of the user. Here is an example:

# mods-available/auth_openidc.conf

<Location /example>
   AuthType openid-connect
   #Require valid-user
   Require claim folder:example
</Location>

<Location /example2>
   AuthType openid-connect
   #Require valid-user
   Require claim folder:example2
</Location>

Was this helpful?

/

Then you can write a rule in Auth0 that would return the folder attribute:

function(user, context, callback) {
    if (somecondition()) {
       user.folder = 'example2';
    }

   user.folder = 'example';
}

Was this helpful?

/

Or you could even use an array of folders and the apache module will check if the array contains any of these values

function(user, context, callback) {
    user.folders = [];
    if (somecondition()) {
       user.folders.push('example2');
    }

   user.folders.push('example');
}

Was this helpful?

/

Did it work?

Any suggestion or typo?

Edit on GitHub