Configure an Auth0 API Authentication to Use with Your Server

One way to secure API routes is by using JSON Web Tokens (JWTs), which are passed with each request and checked before a lesson is returned. To do this, you need an OAuth server to provide the signing and authentication of these tokens. Auth0 provides this for free for up to 7,000 users.

In this lesson, we'll configure Auth0 and gather the details we need to be able to secure our API routes.
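To show what "checked before a lesson is returned" involves for an RS256 token, here is an added example (not code from the lesson or from Auth0) that verifies the signature, the audience and the expiry using only Node's built-in `crypto` module. The key pair, the tokens and every function name are constructed for the demo; in a real deployment the OAuth server holds the private key and the API only has the public key.

```javascript
const crypto = require("crypto");

const AUDIENCE = "catchphrase.app"; // the API Identifier recorded in the lesson
const b64url = (text) => Buffer.from(text).toString("base64url");

// Stand-in for the OAuth server: signs claims with a private key (constructed for this demo).
function signToken(claims, privateKey, header = { alg: "RS256", typ: "JWT" }) {
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  const signature = crypto.sign("RSA-SHA256", Buffer.from(signingInput), privateKey);
  return `${signingInput}.${signature.toString("base64url")}`;
}

// API side: returns the claims, or throws with the reason the token was rejected.
function verifyToken(token, publicKey, audience, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [h, p, s] = parts;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(h, "base64url").toString("utf8"));
    claims = JSON.parse(Buffer.from(p, "base64url").toString("utf8"));
  } catch (err) {
    throw new Error("malformed token");
  }
  if (!header || !claims) throw new Error("malformed token");
  // Pin the algorithm chosen when the API was created; the token header must not pick it.
  if (header.alg !== "RS256") throw new Error("unexpected algorithm");
  const signed = Buffer.from(`${h}.${p}`);
  if (!crypto.verify("RSA-SHA256", signed, publicKey, Buffer.from(s, "base64url"))) {
    throw new Error("bad signature");
  }
  // A validly signed token issued for a different API must still be refused.
  const audiences = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!audiences.includes(audience)) throw new Error("wrong audience");
  if (typeof claims.exp !== "number" || claims.exp <= now) throw new Error("expired");
  return claims;
}

// Demo helper: "accepted" or the rejection reason.
function check(token, publicKey, now) {
  try { verifyToken(token, publicKey, AUDIENCE, now); return "accepted"; }
  catch (err) { return err.message; }
}

const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const exp = Math.floor(Date.now() / 1000) + 300;
const good = signToken({ sub: "constructed-client", aud: AUDIENCE, exp }, privateKey);
const otherApi = signToken({ sub: "constructed-client", aud: "other.example", exp }, privateKey);
const [goodHeader, , goodSig] = good.split(".");
const edited = `${goodHeader}.${b64url(JSON.stringify({ sub: "someone-else", aud: AUDIENCE, exp }))}.${goodSig}`;
console.log(check(good, publicKey), "|", check(otherApi, publicKey), "|", check(edited, publicKey));
```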

Kevin Cunningham: [0:00] To be able to authenticate within our application, we're first going to set up an API within Auth0.

[0:05] Once you've signed up for an account, you're going to go to APIs, going to click on Create API. I'm going to give it a name. In this case, I'm going to call it Catchphrase. My Identifier is going to be in the form of a URL, even if it's not one that we own. In this case, I'm going to use catchphrase.app and record that for later. On the Signing Algorithm, I'm going to use this RS256.

[0:29] Once that's been created, we want to note down this identifier. Later on, that's going to be referred to as the audience.

[0:36] When we created the API, an application was also created to go alongside it called the Catchphrase (Test Application). Clicking in here, there are two details that we're going to need to note for later. Those two details are the Client ID and the Client Secret.

[0:55] This Client Secret you should keep secret. I'm going to reveal it here, and you'll see it's just a whole load of characters. Before I publish this tutorial, I'm going to refresh this key, so we won't be able to use that.

[1:08] Now, having recorded the Client ID, the Client Secret, and the Identifier, we're ready to start authenticating users of our API.