This tutorial and sample project have been tested with the following:

• Apache 2.4

First, install the mod_auth_openidc module for Apache.

You can get the binaries from GitHub and install them for your OS. If your OS isn't compatible with any of the binaries, you can still build it from source.

Once you've installed the module, enable it for Apache with the a2enmod command. To learn more, read a2enmod on Ubuntu Manpage:

a2enmod auth_openidc

Update your new configuration file (auth_openidc.conf), located in the /etc/apache2/mods-available folder.

In the Auth0 Dashboard:

1. Go to Applications > Applications, and then select your application from the list.

2. Switch to the Settings view, and then locate the Application URIs section.

3. Add the value of OIDCRedirectURI to Allowed Callback URLs.

4. Locate Advanced Settings at the bottom of the page.

5. Switch to the OAuth view.

6. Set JSON Web Token (JWT) Signature Algorithm to RS256.

You can configure Apache to protect a specific location based on the value of a claim in the user’s ID token by adding a Location block to your auth_openidc.conf file.

For example, you could create an Action that reads the user’s roles, and then adds a claim that grants access to a protected location:

exports.onExecutePostLogin = async (event, api) => {
const roles = event.authorization.roles; // ['user', 'admin']
if (roles.includes('admin')) {
api.idToken.setCustomClaim('folder', 'admin');

}
};