@@ -650,6 +650,53 @@ This example sends the signed claims:
650650
651651NB: The JWT implementation only supports the RSA and HMAC based algorithms.
652652
653+ ##### Configure and test JWT authentication with Auth0
654+
655+ First you need to create an account on [ Auth0] ( https://auth0.com/auth/login ) .
656+ Once logged in, you have to create an application (its type does not matter). Collect the ` Domain `
657+ and ` Client ID ` and keep them for a later use. Then, create an API: give it a name and fill the
658+ ` identifier ` field with your API endpoint's URL.
659+
660+ Then you have to configure the ` jwtAuth.secret ` configuration in your ` api.php ` file.
661+ Don't fill it with the ` secret ` you will find in your Auth0 application settings but with ** a
662+ public certificate** . To find it, go to the settings of your application, then in "Extra settings".
663+ You will now find a "Certificates" tab where you will find your Public Key in the Signing
664+ Certificate field.
665+
666+ To test your integration, you can copy the [ auth0/vanilla.html] ( examples/clients/auth0/vanilla.html )
667+ file. Be sure to fill these three variables:
668+
669+ - ` authUrl ` with your Auth0 domain
670+ - ` clientId ` with your Client ID
671+ - ` audience ` with the API URL you created in Auth0
672+
673+ ⚠️ If you don't fill the audience parameter, it will not work because you won't get a valid JWT.
674+
675+ You can also change the ` url ` variable, used to test the API with authentication.
676+
677+ [ More info] ( https://auth0.com/docs/api-auth/tutorials/verify-access-token )
678+
679+ ##### Configure and test JWT authentication with Firebase
680+
681+ First you need to create a Firebase project on the [ Firebase console] ( https://console.firebase.google.com/ ) .
682+ Add a web application to this project and grab the code snippet for later use.
683+
684+ Then you have to configure the ` jwtAuth.secret ` configuration in your ` api.php ` file.
685+ Grab the public key via this
[ URL
] ( https://www.googleapis.com/robot/v1/metadata/x509/[email protected] ) .
686+ There may be several certificates, just grab the one corresponding to your ` kid ` (if you don't
687+ know what it is, just test them all until you will be logged in).
688+ Now, just fill ` jwtAuth.secret ` with your public key.
689+
690+ To test your integration, you can copy the [ firebase/vanilla.html] ( examples/clients/firebase/vanilla.html )
691+ file and the [ firebase/vanilla-success.html] ( examples/clients/firebase/vanilla-success.html ) file,
692+ used as a "success" page and to display the API result.
693+
694+ Replace, in both files, the Firebase configuration (` firebaseConfig ` object).
695+
696+ You can also change the ` url ` variable, used to test the API with authentication.
697+
698+ [ More info] ( https://firebase.google.com/docs/auth/admin/verify-id-tokens#verify_id_tokens_using_a_third-party_jwt_library )
699+
653700## Authorizing operations
654701
655702The Authorization model acts on "operations". The most important ones are listed here:
0 commit comments