JWT and Auth0 with Tyk


Overview

This guide walks you through securing an API in Tyk with JSON Web Tokens issued by Auth0: Auth0 mints RS256-signed access tokens for your API, and Tyk verifies each token's signature against the public keys published at your Auth0 tenant's JWKS endpoint.

Prerequisites

  • A free account with Auth0
  • A Tyk Self-Managed or Cloud installation

Create an application in Auth0

  1. Log in to your Auth0 account.
  2. Select APIs from the Applications menu.

[Screenshot: Auth0 Create API]

  3. Click Create API and enter a name and identifier for your API. The identifier becomes the audience (aud claim) of the tokens Auth0 issues for this API. Leave the signing algorithm at the default RS256, because Tyk is configured for RSA verification below.

[Screenshot: Auth0 API details]

  4. From the Test tab, follow the instructions on how to get an access token.

[Screenshot: Auth0 Test with cURL]

  5. From the cURL tab, copy the token request command. Auth0 fills in your client ID, client secret and audience (the API identifier); the JSON values must be quoted strings, as below. The client secret lets anyone who holds it mint tokens for your API, so treat it as a credential and keep it out of shared shell history.
curl --request POST \
  --url https://dev-yjd8e8u5.us.auth0.com/oauth/token \
  --header 'content-type: application/json' \
  --data '{"client_id":"{CLIENT_ID}","client_secret":"{CLIENT_SECRET}","audience":"{AUDIENCE}","grant_type":"client_credentials"}'
  6. Paste the command in a terminal window to generate your token and save the access_token value locally. It is a bearer token: anyone holding it can call your API until it expires.
{
  "access_token": "xxxxxxxxxxx",
  "token_type": "Bearer"
}
  7. When you created the API, Auth0 also created a machine-to-machine Application (the test application the token request above authenticates as). Go to the Applications section to view it.

[Screenshot: New Auth0 Application]

  8. Copy the Domain from Basic Information. You will use it when adding the API to Tyk: this domain is the token issuer, and it serves the JWKS that Tyk verifies signatures against.

[Screenshot: Auth0 Application Basic Information]

Create your API in Tyk

  1. Log in to your Tyk Dashboard
  2. Create a new HTTP API (the default http://httpbin.org upstream URL is fine)

[Screenshot: Tyk Create HTTP API]

  3. From the Authentication section, select JSON Web Token (JWT) as your authentication mode.
  4. Select RSA public key as the JWT signing method. Auth0 signs API access tokens with RS256 by default; if your Auth0 API were set to HS256 instead, Tyk would reject its tokens with an "Unexpected signing method" error.
  5. Enter your Auth0 Application Domain from step 8 above to complete the jwks_uri endpoint: https://<<your-auth0-domain>>/.well-known/jwks.json
  6. Paste the jwks_uri into the Public Key field. Tyk fetches the tenant's public keys from this URL and uses the kid header of each incoming token to select the key it verifies the signature with.

[Screenshot: Tyk API Authentication]

  7. Add an Identity Source and Policy Field Name. The defaults of sub and pol are fine: the Identity Source is the claim Tyk uses as the key identity (for rate limiting and analytics), and the Policy Field Name is the claim from which Tyk reads policy IDs. Auth0 client-credentials tokens carry no pol claim, which is why a Default Policy is attached to the API below.
  8. Save your API.
  9. From the System Management section, select Policies.
  10. Click Add Policy.
  11. Under Access Rights, select your Auth0 API.

[Screenshot: Tyk Policy access rights]

  12. You can keep the rest of the access rights at the defaults.
  13. Click the Configurations tab and enter a Policy Name and a Keys Expiry after period.

[Screenshot: Tyk Policy Configuration]

  14. Click Create Policy.
  15. Edit your JWT Auth0 API and, from the Authentication section, add the policy you just created as the Default Policy.

[Screenshot: Tyk API Default Policy Configuration]

  16. From the top of the API, copy the API URL.
  17. From a terminal window, call the API URL with the Auth0-generated token:
curl -X GET {API URL} -H "Accept: application/json" -H "Authorization: Bearer {token}"
  18. If you are using the httpbin upstream URL as in the example Tyk API, you should see the HTML of httpbin's landing page in your terminal.
  19. If the token's signing algorithm does not match the signing method configured in Tyk (for example, an HS256-signed token sent to an API set to RSA public key), Tyk rejects the request with the following error. Check that the Auth0 API's signing algorithm is RS256 and that the Tyk API's JWT signing method is RSA.
{
  "error": "Key not authorized:Unexpected signing method."
}
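The following script is an added example, not part of the Tyk docs and not Auth0's or Tyk's own tooling. It ties together the token request from the Auth0 section and the "Unexpected signing method" error above: it decodes the token's header and payload (without verifying the signature, which is Tyk's job) and checks that the alg is RS256, that the issuer is your tenant, and that the audience is your API identifier, which are the three mismatches that produce a rejection at the gateway. The AUTH0_DOMAIN default reuses the tutorial's example tenant, the AUDIENCE value https://example.test/my-api is assumed, and the sample tokens are constructed inline with a placeholder signature so the script runs offline. Set CLIENT_ID and CLIENT_SECRET in the environment to fetch a real token instead.

```shell
#!/bin/sh
# Added example, not from the Tyk docs. Sanity-check an Auth0 access token
# before sending it through Tyk: alg must be RS256 (Tyk is set to RSA), and
# iss/aud must be your tenant and your API identifier.
# AUTH0_DOMAIN and AUDIENCE defaults are assumed values; export CLIENT_ID and
# CLIENT_SECRET to fetch a real token from Auth0.
AUTH0_DOMAIN="${AUTH0_DOMAIN:-dev-yjd8e8u5.us.auth0.com}"   # Application > Basic Information > Domain
AUDIENCE="${AUDIENCE:-https://example.test/my-api}"         # the API identifier chosen in Auth0 (assumed)

# base64url (RFC 7515 section 2): no '=' padding, '-' and '_' in place of '+' and '/'
b64url_encode() { printf '%s' "$1" | base64 | tr -d '\n=' | tr '+/' '-_'; }
b64url_decode() {
  s=$(printf '%s' "$1" | tr '_-' '/+')
  case $(( ${#s} % 4 )) in 2) s="$s==" ;; 3) s="$s=" ;; esac
  printf '%s' "$s" | base64 -d
}

# Read one string-valued field from the token header (part 1) or payload (part 2).
# Flat string values only, which covers alg, kid, iss, sub and a string aud.
jwt_field() {   # $1 = token, $2 = part index, $3 = field name
  part=$(printf '%s' "$1" | cut -d. -f"$2")
  b64url_decode "$part" | sed -n "s/.*\"$3\":\"\([^\"]*\)\".*/\1/p"
}

# Return 0 if the token is one Tyk (RSA signing method, this tenant, this API) should accept.
# Signature verification itself is left to Tyk, which checks it against the JWKS.
check_token() {   # $1 = token
  alg=$(jwt_field "$1" 1 alg)
  iss=$(jwt_field "$1" 2 iss)
  aud=$(jwt_field "$1" 2 aud)
  [ "$alg" = "RS256" ] || { echo "alg=$alg: Tyk is set to RSA, expect 'Unexpected signing method'" >&2; return 1; }
  [ "$iss" = "https://$AUTH0_DOMAIN/" ] || { echo "iss=$iss: not issued by $AUTH0_DOMAIN" >&2; return 1; }
  [ "$aud" = "$AUDIENCE" ] || { echo "aud=$aud: token was minted for a different API" >&2; return 1; }
  return 0
}

# The docs' token request with the JSON values quoted; the secret comes from the
# environment rather than the command line, so it stays out of shell history.
fetch_token() {
  curl -s --request POST --url "https://$AUTH0_DOMAIN/oauth/token" \
    --header 'content-type: application/json' \
    --data "{\"client_id\":\"$CLIENT_ID\",\"client_secret\":\"$CLIENT_SECRET\",\"audience\":\"$AUDIENCE\",\"grant_type\":\"client_credentials\"}" \
    | sed -n 's/.*"access_token":"\([^"]*\)".*/\1/p'
}

# Does the tenant JWKS (the URL pasted into Tyk's Public Key field) publish the token's kid?
jwks_has_kid() {   # $1 = token
  kid=$(jwt_field "$1" 1 kid)
  curl -s "https://$AUTH0_DOMAIN/.well-known/jwks.json" | grep -q "\"kid\":\"$kid\""
}

# Constructed sample tokens for offline use; the third part is a placeholder, not a real signature.
make_token() { printf '%s.%s.%s' "$(b64url_encode "$1")" "$(b64url_encode "$2")" "placeholder-signature"; }
GOOD_TOKEN=$(make_token '{"alg":"RS256","typ":"JWT","kid":"sample-kid"}' \
  "{\"iss\":\"https://$AUTH0_DOMAIN/\",\"sub\":\"abc123@clients\",\"aud\":\"$AUDIENCE\",\"gty\":\"client-credentials\"}")
HS_TOKEN=$(make_token '{"alg":"HS256","typ":"JWT"}' \
  "{\"iss\":\"https://$AUTH0_DOMAIN/\",\"sub\":\"abc123@clients\",\"aud\":\"$AUDIENCE\"}")

if [ -n "$CLIENT_ID" ] && [ -n "$CLIENT_SECRET" ]; then
  TOKEN=$(fetch_token)
  jwks_has_kid "$TOKEN" || echo "warning: kid not found in JWKS, Tyk cannot verify this token" >&2
else
  TOKEN=$GOOD_TOKEN   # offline run: use the constructed sample
fi
if check_token "$TOKEN"; then
  echo "token is consistent with the Tyk configuration (RS256, iss=$AUTH0_DOMAIN, aud=$AUDIENCE)"
fi
```

Run it as `AUDIENCE=<your API identifier> CLIENT_ID=... CLIENT_SECRET=... sh check-token.sh` (the filename is arbitrary). Running `check_token "$HS_TOKEN"` reproduces, on the client side, the condition that makes Tyk answer "Unexpected signing method"; the jwks_has_kid check catches the other common misconfiguration, a jwks_uri that belongs to a different tenant than the one that issued the token.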