This add-on is operated by AUTH0 INC

Secure access for everyone. But not just anyone.

Last updated July 18, 2022

Auth0 is an add-on for providing single sign on and user management with social and enterprise identities.

• Enable Email/Password authentication and Single Sign On with brute force protection for all your apps (web, single page, native or hybrid).
• Consolidate/migrate your own user repositories (PG, mySql, SQL Server, Mongo, etc.) under a single identity store as they login (no bulk import needed)
• Add SAML authentication without worrying about the integration with multiple providers (ADFS, SiteMinder, PingFederate, Okta, OneLogin, etc.), we take care of that.
• Add social authentication with Google, Facebook, Microsoft Account, 30+ others or any other OAuth2 provider.
• Get a normalized user profile regardless of the provider used.
• Add support for linking user accounts manually or automatically by email.
• Pull data from other sources and add it to the user profile, through JavaScript rules.
• Single Sign On with Third Party Apps/Platforms like WordPress, Zendesk, Drupal, and more.

Auth0 is accessible via an API and has supported client libraries for Ruby, Node.js and many others.

Provisioning the add-on

Auth0 can be attached to a Heroku application via the CLI:

$ heroku addons:create auth0 --type=[nodejs|rails] --subdomain=myapp
-----> Adding Auth0 to sharp-mountain-4005... done, v18 (free)

Once Auth0 has been added you will have three settings on your app:

• AUTH0_CLIENT_ID: the id that identifies your application.
• AUTH0_CLIENT_SECRET: the secret for your application
• AUTH0_DOMAIN: you will get your own subdomain on auth0
• AUTH0_CALLBACK_URL: the url where auth0 will redirect the user after authentication

$ heroku config:get AUTH0_CLIENT_ID
9jf020kksfiuhifruiudtgudjsoeiuk

After installing Auth0 the application should be configured to fully integrate with the add-on.

Local setup

Environment setup

After provisioning the add-on it’s necessary to locally replicate the config vars so your development environment can operate against the service.

Use the Heroku Local command-line tool to configure, run and manage process types specified in your app’s Procfile. Heroku Local reads configuration variables from a .env file. To view all of your app’s config vars, type heroku config. Use the following command to add the values retrieved from heroku config to your .env file.

$ heroku config -s | grep 'AUTH0_CLIENT_ID\|AUTH0_CLIENT_SECRET\|AUTH0_DOMAIN' | tee -a .env

For more information, see the Heroku Local article.

Tutorials

Login to Auth0 Dashboard

$ heroku addons:open auth0
Opening Auth0 for sharp-mountain-4005…

Or by visiting the Heroku Dashboard and selecting the application in question. Select Auth0 from the Add-ons menu.

Choose the right tutorial

• Ruby on Rails Tutorial
• Play 2 Scala
• Node.js
• PHP
• PHP + Laravel
• PHP + Symfony

Auth0 also helps with Single Page Apps with APIs. Here are some of the most popular ones:

• Angular.js + Ruby on Rails API (uses JSON Web Tokens)
• Ember + Node.js API (uses JSON Web Tokens)
• React + Python API (uses JSON Web Tokens)
• React + Java Spring API (uses JSON Web Tokens)

… and native and hybrid mobile apps with APIs.

• iOS Swift + Go API (uses JSON Web Tokens)
• Ionic + Node API (uses JSON Web Tokens)

There are a lot more tutorials/combinations on https://auth0.com/docs

Removing the add-on

Auth0 can be removed via the CLI.

$ heroku addons:destroy auth0
-----> Removing auth0 from sharp-mountain-4005... done, v20 (free)

Support

All Auth0 support and runtime issues should be submitted via on of the Heroku Support channels. Any non-support related issues or product feedback is welcome via the small question icon on the dashboard.