
Auth0 for BrowZer

How to configure Auth0 for OpenZiti BrowZer

Get an Auth0 Account

If you don't already have an account you can sign up for a free account at https://auth0.com/signup

Add a new Application

Once you have an Auth0 account, click on "Applications" in the left navbar:

[Screenshot: Auth0 Applications]


Then click "Create Application":

[Screenshot: Auth0 Create Application]


Then create a "Single Page Web Application":

[Screenshot: Auth0 Create SPA]

Add Callback & Logout URL

BrowZer software will perform an OIDC/PKCE exchange with your Auth0 identity provider when your users authenticate onto your Ziti network. For this to succeed, you need to add your wildcard domain to both the Allowed Callback URLs setting and the Allowed Logout URLs setting for your Auth0 application:

[Screenshot: Auth0 callbacks]


For example:

[Screenshot: Auth0 callbacks]


Failure to properly configure the above two settings will result in the following Auth0 error page when your users visit your BrowZer URL:

[Screenshot: Auth0 callbacks]


Gather IdP Information

Your OpenZiti network must be configured to become aware of your Auth0 identity provider. OpenZiti refers to the identity provider as an External JWT Signer. Before you can set up the new JWT signer, you must gather some information from the new Auth0 Application that you just created:

  • the clientId
  • the issuer
  • the jwks_uri

Gather clientId

The clientId value can be found in the Settings tab of the SPA you created above:

[Screenshot: Auth0 clientId]


Gather issuer

The issuer can be found via the openid-configuration endpoint that all OIDC-compliant identity providers expose. The openid-configuration endpoint URL for Auth0 looks like this:

https://<AUTH0_DOMAIN>/.well-known/openid-configuration

where the value for <AUTH0_DOMAIN> can be found in the Settings tab of the SPA you created above:

[Screenshot: Auth0 Domain]

When you enter the openid-configuration endpoint URL (https://<AUTH0_DOMAIN>/.well-known/openid-configuration) into a browser, you will receive a response resembling the following:

[Screenshot: Auth0 OIDC config]


Take note of the issuer value.


Gather jwks_uri

Take note of the jwks_uri value returned from the above openid-configuration endpoint URL.
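
The gathering steps above can be scripted. The following is an added example, not code from the OpenZiti or Auth0 documentation: it reads an openid-configuration response, checks that issuer and jwks_uri are https URLs on the expected Auth0 domain, and returns the three values to record. The domain, client ID and sample response are constructed placeholders, and the same-host check on jwks_uri is an assumption that fits Auth0's layout.

```python
import json
import urllib.request
from urllib.parse import urlsplit

# Constructed sample response; "example-tenant.us.auth0.com" is a placeholder domain.
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://example-tenant.us.auth0.com/",
    "authorization_endpoint": "https://example-tenant.us.auth0.com/authorize",
    "jwks_uri": "https://example-tenant.us.auth0.com/.well-known/jwks.json",
})

def discovery_url(auth0_domain):
    """Build the openid-configuration endpoint URL for an Auth0 domain."""
    return f"https://{auth0_domain}/.well-known/openid-configuration"

def fetch_discovery(auth0_domain, timeout=10):
    """Download the discovery document over HTTPS (needs network access)."""
    with urllib.request.urlopen(discovery_url(auth0_domain), timeout=timeout) as resp:
        return resp.read().decode("utf-8")

def signer_inputs(discovery_json, auth0_domain, client_id):
    """Return clientId, issuer and jwks_uri after checking they belong to auth0_domain."""
    doc = json.loads(discovery_json)
    issuer, jwks_uri = doc.get("issuer"), doc.get("jwks_uri")
    if not issuer or not jwks_uri:
        raise ValueError("discovery document lacks issuer or jwks_uri")
    for name, value in (("issuer", issuer), ("jwks_uri", jwks_uri)):
        parts = urlsplit(value)
        if parts.scheme != "https":
            raise ValueError(f"{name} is not an https URL: {value}")
        if (parts.hostname or "").lower() != auth0_domain.lower():
            raise ValueError(f"{name} host does not match {auth0_domain}: {value}")
    # Keep the issuer exactly as published: a dropped trailing slash no longer
    # matches the "iss" claim in the tokens the identity provider issues.
    return {"clientId": client_id, "issuer": issuer, "jwks_uri": jwks_uri}

if __name__ == "__main__":
    # Offline run against the constructed sample; swap in fetch_discovery() for a live tenant.
    values = signer_inputs(SAMPLE_DISCOVERY, "example-tenant.us.auth0.com",
                           "CONSTRUCTED_CLIENT_ID")
    for key, value in values.items():
        print(f"{key}: {value}")
```
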


Create External JWT Signer

Using the values described above, use the ziti CLI to configure an external JWT signer that represents your Auth0 identity provider. You can find details on how to do this in the BrowZer Quickstart documentation.