Request a demo
Menu

External OAuth Server with bundle

1 minute read
Edit on GitHub

Even though the bundle start core plgd services as processes in a single container, a user has still a possibility to configure most of the services parameters. For testing purposes, the external OAuth Server (e.g. Auth0) can be set up. To skip the internal OAuth2.0 Mock Server and switch to your external one, configure the following environment variables:

SOURCE Copy
Copied
            OAUTH_AUDIENCE: https://api.example.com
    OAUTH_ENDPOINT: auth.example.com
    OAUTH_CLIENT_ID: ij12OJj2J23K8KJs
    OAUTH_CLIENT_SECRET: 654hkja12asd123d
    OWNER_CLAIM: sub

How to configure Auth0

Copy
Copied

Assuming you have an account in the Auth0 OAuth as a service, you need to create 2 Applications and one API. Follow these steps to successfully configure the bundle to run against your Auth0 instance.

  1. Create new API in the APIs section
    1. Use name of your choice
    2. Set a unique API identifier (e.g. https://api.example.com)
    3. After saving open details of newly created api and Enable Offline Access
    4. Store the internal Auth0 API Id required for the step 2c
    5. Switch to Permissions tab and add openid scope to the list
  2. Create new Regular Web Application in the Application section
    1. Make sure Token Endpoint Authentication Method is set to None
    2. Add https://{FQDN}:{NGINX_PORT} and https://{FQDN}:{NGINX_PORT}/api/authz/callback to Allowed Callback URLs
    3. Add https://{FQDN}:{NGINX_PORT} to Allowed Logout URLs
    4. Add https://{FQDN}:{NGINX_PORT} to Allowed Web Origins
    5. Open Advanced Settings, switch to OAuth tab and paste here the API Id from the step 1d
    6. Switch to Grant Types and make sure only Implicit, Authorization Code and Refresh Token grants are enabled
  3. Create new Machine to Machine Application in the Application section
    1. Set Token Endpoint Authentication Method to Post
    2. Add https://{FQDN}:{NGINX_PORT} to Allowed Callback URLs
    3. Add https://{FQDN}:{NGINX_PORT} to Allowed Web Origins
    4. Open Advanced Settings, switch to OAuth tab and paste here the API Id from the step 1d
    5. Switch to Grant Types and make sure only Client Credentials grant is enabled

See Also

Copy
Back Create & Delete device resources
Next Working with gRPC Client
May 13, 2021

Get started

plgd makes it simpler to build a successful IoT initiative – to create a proof of concept, evaluate, optimize, and scale.

Try free Talk to us
Get Started Illustration Get Started Illustration