Integrate Tyk with Auth0

There’s been a lot of community chatter about this, and a lot of back-and-forth trying to get Auth0 to play nice with Tyk’s low-level JWT handling.

Well, now you can chill, because Auth0 integration is now easy as pie!

Let’s get things ready:

  1. In your Auth0 Application, under OAuth Settings, click “Show Advanced Settings”
  2. Select the “OAuth” tab
  3. Make sure “JsonWebToken Token Signature Algorithm” is set to RS256
  4. Save it

Tyk OpenID Connect Support with RSA Keys

We’re going to simulate a login here, but in a real app, as part of your OAuth flow, you will need to add scope=openid to your authorize request in order to get the OpenID ID Token.

To simulate a login (I assume you have a test user), browse to your “Users” section and click “Sign In As User” and select your App. In order to get the ID Token, you must use the “Client Side App” option.

Tyk Auth0 OpenID Connect Support

When you click this, you’ll be taken to a login page provided by Auth0. You don’t actually need to log in; Auth0 will do that for you. In the address bar you will see a query-string parameter called “id_token”: this is the OpenID ID token you are going to use with Tyk, so copy it to a file somewhere safe.

Now that we have a token we can play with, we can use it with an API we are proxying with Tyk.

Setting up Auth0 with Tyk

  1. Create a new API, let’s call it auth0
  2. Select “OpenID Connect” as your Authentication mode
  3. Save it.

OIDC with Tyk is a little chicken-and-egg, because we need to apply a set of access rules to users coming in via different clients, so we actually need to create a policy before adding the rules to your API Definition. So now that we’ve saved the API: go create a policy that grants access to it.

Now, back to your Auth0 API Definition:

  1. Add your Auth0 URL as the provider (e.g. https://tyk-test.eu.auth0.com/, each one is different) in the field that shows accounts.google.com as sample text, and click “Add”
  2. When the new issuer is added, get your Auth0 App’s Client ID and add it as an approved Client ID, and under policies, select the policy you just created.
  3. Click “Add” – you’ll see the policy added to the table
  4. Save the API

OK, you’re all set – now all you need to do is craft a request to your API using the Authorization: Bearer {id-token} header. You’ll see that the token gets through, and the rate limits / policies of the policy you mapped to that Client ID will be applied to the user in the token.
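To make the checks behind that setup concrete, here is an added example (not Tyk’s own code) of what the gateway has to do with the bearer token: verify the RS256 signature with the issuer’s key, confirm the issuer matches the configured provider, and map the token’s audience (the Client ID) to the policy you attached. The issuer URL is the one from the page; the key, client ID and policy ID are constructed test values.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"strings"
)

var b64 = base64.RawURLEncoding

// ResolvePolicy mirrors the page's API definition: issuer is the Auth0 tenant URL,
// key its RS256 signing key, clients the approved client IDs mapped to Tyk policy IDs.
// The token's own "alg" header is never consulted, so only a real RS256 signature passes.
func ResolvePolicy(issuer string, key *rsa.PublicKey, clients map[string]string, token string) (string, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return "", errors.New("malformed token")
	}
	sig, _ := b64.DecodeString(parts[2]) // an undecodable signature just fails below
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if rsa.VerifyPKCS1v15(key, crypto.SHA256, digest[:], sig) != nil {
		return "", errors.New("bad signature")
	}
	var c struct{ Iss, Aud string } // encoding/json matches keys case-insensitively
	if payload, err := b64.DecodeString(parts[1]); err != nil || json.Unmarshal(payload, &c) != nil {
		return "", errors.New("bad payload")
	}
	if c.Iss != issuer {
		return "", errors.New("issuer not configured")
	}
	if policy, ok := clients[c.Aud]; ok {
		return policy, nil
	}
	return "", errors.New("client ID not approved")
}

// MintToken signs an ID token the way the issuer would (constructed test data only).
func MintToken(key *rsa.PrivateKey, iss, aud string) string {
	head := b64.EncodeToString([]byte(`{"alg":"RS256","typ":"JWT"}`))
	body, _ := json.Marshal(map[string]string{"iss": iss, "aud": aud})
	signing := head + "." + b64.EncodeToString(body)
	digest := sha256.Sum256([]byte(signing))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	return signing + "." + b64.EncodeToString(sig)
}
```

A production verifier additionally checks the exp claim and fetches the signing key from the issuer’s published JWKS rather than taking it as a parameter; both are left out here to keep the mapping logic visible.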

Easy as pie 🙂

Tyk v2.1 is out – Now with Open ID Connect, bug fixes and more!

Recently we announced that we had added full support for Open ID Connect to our Cloud platform, and that we were moving it to our next release in due course.

Well, the wait is over – and as of today it is available to everyone! That’s right, Tyk v2.1 and Tyk Dashboard v1.1 are now available.

This release’s main feature is the OIDC support, however we have also made many improvements and bug fixes, all of which can be seen in the Change Log.

To get started with 2.1 you can just upgrade your existing installations. All the deployment methods are supported, and v2.1 will be the default installation for all major distribution methods, but before you go off and do that, please back up your configuration files!

This is our first attempt at making smaller, more regular releases to ensure that upgrades are easier and involve less risk for you. We dog-food every feature and change in our cloud platform before we cut a version for on-premise installation, so you can be sure that we’ve put all our builds through their paces.


Martin & The Tyk Team
