Struggling with authentication

I’m using Auth0, and am struggling to integrate it:

I was able to add a secret passing the Auth0-provided Client Secret via --secret-key-literal

But I’m not able to add or generate a key with that secret. In both cases it seems to succeed (no error) but then ‘kalix services jwts list’ returns nothing.

Further, I’m confused about the dev key info in the “Running locally with JWT support” doc section…

Ultimately I’m just trying to run my app locally with authentication so I can retrieve the principal’s info to create entities and do stuff on behalf of.

I’ve got the sign up/in flow working in the webapp, I can log in, and I can add the bearer token to the Authorization header, but can’t get Kalix configured to use it locally.

Thanks in advance.

1 Like

I took a look at your project, you’ve created a secret, but it appears you don’t currently have any services deployed, so there’s not much I can do to investigate. It would help greatly if you could list the commands that you’re running.

For local development, what we currently support is JWTs that are not signed (i.e., they use the none algorithm). It won’t work with signed JWTs.

Thanks James.

I’ve deployed the service now and I was able to add the token, so I’ll try my workflow there.

But going back to local testing for a minute, does that mean that it’s not possible to run locally and do the whole Auth0 login workflow in dev? I would have to generate tokens manually with no encryption via jwt.io or something and then override the normal logic in the client so that fake token is passed in the bearer header instead of the one that came from Auth0 upon login?

Answering my own question here, got tokens working locally:

I went to jwt.io, started with the default payload there, just edited the “sub” element to whatever user id I needed for testing, copied the encoded token on the left, and included that in the request headers like

-H 'Authorization: Bearer <thetoken>'

Kalix picked that up fine and I was able to retrieve the user in my controller with

actionContext.metadata.jwtClaims.subject.get

1 Like
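
An added example, not part of the original posts and not Kalix or Auth0 code: a shell sketch that builds the kind of unsigned token (none algorithm) the reply above says local development supports, without pasting anything into a website, and reads a token's alg so an Auth0-signed token can be told apart from a local test one. The function names and the allowed character set for sub are assumptions of this example.

```sh
# Added example: unsigned ("alg":"none") JWTs for local testing only.

# base64url without padding (RFC 7515), reading stdin.
b64url() { base64 | tr -d '\n=' | tr '/+' '_-'; }

# Decode one base64url segment ($1): restore the alphabet and the padding.
b64url_decode() {
  local s
  s=$(printf '%s' "$1" | tr '_-' '/+')
  case $(( ${#s} % 4 )) in
    2) s="$s==" ;;
    3) s="$s=" ;;
  esac
  printf '%s' "$s" | base64 -d
}

# Print an unsigned JWT whose only claim is sub=$1.
make_dev_jwt() {
  local sub=$1 left header payload
  # Assumption: sub is limited to characters that need no JSON escaping.
  # Delete the allowed characters; only the '!' sentinel may remain.
  left=$(printf '%s!' "$sub" | tr -d 'A-Za-z0-9|_.@-')
  if [ -z "$sub" ] || [ "$left" != '!' ]; then
    echo "make_dev_jwt: empty or unsupported sub" >&2
    return 1
  fi
  header=$(printf '%s' '{"alg":"none","typ":"JWT"}' | b64url)
  payload=$(printf '{"sub":"%s"}' "$sub" | b64url)
  # Three segments; the signature segment is empty.
  printf '%s.%s.\n' "$header" "$payload"
}

# Print the alg value from the header of the token in $1.
# "none" means unsigned; a token issued by Auth0 at login shows a signing algorithm.
jwt_alg() {
  b64url_decode "${1%%.*}" |
    sed -n 's/.*"alg"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}
```

Pass the result as the bearer token, for example -H "Authorization: Bearer $(make_dev_jwt 'auth0|test-user-1')". A token with alg none carries no signature, so it belongs in local testing only.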