This feature is supported in Ambassador Pro. Ambassador Pro helps developers and operators accelerate their adoption of Kubernetes.

Auth0

With Auth0 as your IDP, you will need to create an Application to handle authentication requests from Ambassador Pro.

  1. Navigate to Applications and select "CREATE APPLICATION".

  1. In the pop-up window, give the application a name and create a "Machine to Machine App"

  1. Select the Auth0 Management API. Grant any scopes you may require. (You may grant none.)

  1. In your newly created application, click on the Settings tab, add the Domain and Callback URLs for your service, and ensure the "Token Endpoint Authentication Method" is set to Post. The default YAML installation of Ambassador Pro uses /callback for the callback URL, so the values should be based on the domain name that points to Ambassador, e.g., example.com/callback for the callback URL and example.com for the domain.

  1. Update the Auth0 Filter and FilterPolicy. You can get the ClientID and secret from your application settings.

    The audience is the API Audience of your Auth0 Management API.

    The authorizationURL is your Auth0 tenant URL.

    ---
    apiVersion: getambassador.io/v1beta2
    kind: Filter
    metadata:
      # Kubernetes object names may not contain underscores
      name: auth0-filter
      namespace: default
    spec:
      OAuth2:
        authorizationURL: https://datawire-ambassador.auth0.com  # Auth0 tenant URL
        clientURL: https://datawire-ambassador.com
        audience: https://datawire-ambassador.auth0.com/api/v2/  # API Audience of the Auth0 Management API
        clientID: fCRAI7svzesD6p8Pv22wezyYXNg80Ho8
        secret: CLIENT_SECRET  # placeholder: use the client secret from your application settings
    ---
    apiVersion: getambassador.io/v1beta2
    kind: FilterPolicy
    metadata:
      name: httpbin-policy
      namespace: default
    spec:
      rules:
        - host: "*"
          path: /httpbin/ip
          filters:
            - name: auth0-filter ## Enter the Filter name from above
              arguments:
                scopes:
                  - "openid"

    Note: By default, Auth0 requires the openid scope.
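
A pre-apply sanity check for the Filter and FilterPolicy pair configured above, as an added example that is not part of the Ambassador Pro documentation. It takes the manifests as already-parsed dicts; the function name `check_auth0_config`, the sample values, and the rule that the audience is the tenant URL followed by /api/v2/ (default Auth0 tenant domain) are assumptions.

```python
import copy
import re
from urllib.parse import urlparse

# Kubernetes object names: lowercase alphanumerics, '-' and '.' only.
DNS1123 = re.compile(r"^[a-z0-9]([-a-z0-9.]*[a-z0-9])?$")

def check_auth0_config(flt, policy):
    """Return a list of problems in a Filter / FilterPolicy pair (as dicts)."""
    problems = []
    name, oauth = flt["metadata"]["name"], flt["spec"]["OAuth2"]
    if not DNS1123.match(name):
        problems.append(f"Filter name {name!r} is not a valid Kubernetes name")
    for key in ("authorizationURL", "clientURL", "audience"):
        if urlparse(oauth.get(key, "")).scheme != "https":
            problems.append(f"{key} is not an https URL")
    # Assumption: default tenant domain, so the Management API audience
    # is the tenant URL followed by /api/v2/.
    tenant = urlparse(oauth.get("authorizationURL", ""))
    aud = urlparse(oauth.get("audience", ""))
    if aud.netloc != tenant.netloc or aud.path != "/api/v2/":
        problems.append("audience is not <tenant>/api/v2/")
    if oauth.get("secret") in (None, "", "CLIENT_SECRET"):
        problems.append("secret is empty or still the placeholder")
    for rule in policy["spec"]["rules"]:
        for ref in rule.get("filters", []):
            if ref["name"] != name:
                problems.append(f"{rule['path']}: unknown filter {ref['name']!r}")
            elif "openid" not in ref.get("arguments", {}).get("scopes", []):
                problems.append(f"{rule['path']}: openid scope missing")
    return problems

# Constructed sample mirroring the manifests above (ID and secret are made up).
GOOD_FILTER = {"metadata": {"name": "auth0-filter", "namespace": "default"},
               "spec": {"OAuth2": {
                   "authorizationURL": "https://datawire-ambassador.auth0.com",
                   "clientURL": "https://datawire-ambassador.com",
                   "audience": "https://datawire-ambassador.auth0.com/api/v2/",
                   "clientID": "EXAMPLE_CLIENT_ID",
                   "secret": "constructed-secret-value"}}}
GOOD_POLICY = {"spec": {"rules": [{"host": "*", "path": "/httpbin/ip",
               "filters": [{"name": "auth0-filter",
                            "arguments": {"scopes": ["openid"]}}]}]}}

# Constructed broken variant: placeholder secret, http audience, no scopes.
BAD_FILTER = copy.deepcopy(GOOD_FILTER)
BAD_FILTER["spec"]["OAuth2"]["secret"] = "CLIENT_SECRET"
BAD_FILTER["spec"]["OAuth2"]["audience"] = "http://datawire-ambassador.auth0.com/api/v2/"
BAD_POLICY = copy.deepcopy(GOOD_POLICY)
BAD_POLICY["spec"]["rules"][0]["filters"][0]["arguments"] = {}
```

Running the check in CI before `kubectl apply` catches a FilterPolicy that names a missing Filter or omits the openid scope before it reaches the cluster.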