Auth0 Authentication Setup
Auth0 is a flexible authentication and authorization platform that integrates seamlessly with Zudoku. This guide walks you through setting up Auth0 authentication for your documentation site.
Prerequisites
If you don't have an Auth0 account, you can sign up for a free Auth0 account that provides 7,000 monthly active users.
Setup Steps
-
Create Auth0 Application
Create a new Auth0 application in the Auth0 dashboard:
- Select type Single Page Web Applications
- Give your application a descriptive name
-
Configure Auth0 Application
In your Auth0 application settings, configure the following:
Application URLs:
-
Allowed Callback URLs:
- Production:
https://your-site.com/oauth/callback
- Preview (wildcard):
https://*.your-domain.com/oauth/callback
- Local Development:
http://localhost:3000/oauth/callback
- Production:
-
Allowed Logout URLs: Same as callback URLs above
-
Allowed Web Origins:
- Production:
https://your-site.com
- Preview (wildcard):
https://*.your-domain.com
- Local development:
http://localhost:3000
- Production:
Refresh Token Settings:
- Rotation: Enabled
- Reuse Interval: 0 (recommended)
Keep the default refresh token expiration settings unless you have specific requirements.
-
-
Create an Auth0 API:
- Navigate to the APIs section in the Auth0 dashboard
- Click Create API
- Set a name (e.g., "Dev Portal API") and an identifier (e.g.,
https://your-domain.com/api
) - Choose RS256 as the signing algorithm
- Save the API
This step is important. If you skip creating an API, Dev Portal will not be able to validate the tokens issued by Auth0, leading to authentication failures.
-
Configure Zudoku
Add the Auth0 configuration to your Dev Portal configuration file:
CodeWhere:
- domain: Your Auth0 domain (found in your application's Basic Information)
- clientId: The Client ID from your Auth0 application settings
- audience: The identifier of the Auth0 API you created (e.g.,
https://your-domain.com/api
)
Advanced Configuration
Custom Scopes
If you need additional scopes for your API access, you can specify them in the configuration:
Code
Troubleshooting
Common Issues
-
Callback URL Mismatch: Ensure your callback URLs in Auth0 exactly match your site's URL, including the
/oauth/callback
path. -
CORS Errors: Add your site's domain to the Allowed Web Origins in Auth0.
-
Authentication Loop: Check that your Auth0 domain includes the protocol (
https://
) but no trailing slash. -
Token Validation Errors: Ensure the audience in your Dev Portal configuration matches the identifier of the Auth0 API you created.
Next Steps
- Learn about protecting routes in your documentation
- Explore other authentication providers supported by Dev Portal - Configure user permissions based on Auth0 roles