Auth0 Authentication Example

This is a quick guide on setting up Backoffice authentication with Auth0.

Prerequisites

In this example, you will need the following NuGet package

Auth0.AspNetCore.Authentication

Setting up Ucommerce Backoffice

Setting up Ucommerce backoffice with Auth0 requires you to set up an external authentication scheme and external claims mapper when calling .AddBackOffice()

To set up the authentication, use a helper method from the Auth0 package to add all the required services via the AuthenticationBuilder. We highly recommend looking into some of these methods, as they do much of the groundwork to set up OpenID.

var ucommerceBuilder = builder.Services
    .AddUcommerce(builder.Configuration)
    .AddBackOffice(securitySettings =>
        {
            securitySettings.AddExternalIdentityProvider<MyExternalClaimsMapper>(
                Auth0Constants.AuthenticationScheme,
                authenticationBuilder =>
                {
                    // Use the AuthenticationBuilder from ASP.NET to set up authentication
                    authenticationBuilder
                        .AddAuth0WebAppAuthentication(Auth0Constants.AuthenticationScheme,
                            auth0Options =>
                            {
                                auth0Options.Domain = builder.Configuration["Auth0:Domain"]!;
                                auth0Options.ClientId = builder.Configuration["Auth0:ClientId"]!;
                                // Ucommerce will handle the cookie session, so we disable it for Auth0
                                auth0Options.SkipCookieMiddleware = true;
                            });
                });
            // Configure Ucommerce to use your scheme from code
            securitySettings.UseExternalIdentityProvider(Auth0Constants.AuthenticationScheme);
        }
    )
    ...

Remember to create your external claims mapper to map the claims from Auth0 to Ucommerce.

Create your Auth0 application

Create your application in the Auth0 Dashboard.

When the application is created, update appsettings.json to keep track of Domain and ClientId.

  "Auth0": {
    "Domain": "{YourDomain}",
    "ClientId": "{YourClientID}"
  },

For further guidance on setting up Auth0, we recommend the Auth0 Quickstart Guide.

Related Articles

PreviousMicrosoft Entra ID ExampleNextDefinitions

Last updated