Learn how to authenticate with Auth0.

March 24, 2023

Before You Start #

1. Register With Your IdP #

  1. Log in to your Auth0 account.
  2. In Applications, click Create Application.
  3. Type the name of your application, such as Pachyderm.
  4. In the application type, select Regular Web Application.
  5. Click Create.
  6. Go to the application settings.
  7. Scroll down to Application URIs.
  8. In the Allowed Callback URLs, add the Pachyderm callback link in the following format:
# Dex's issuer URL + "/callback"
  1. Scroll down to Show Advanced Settings.
  2. Select Grant Types.
  3. Verify that Authorization Code and Refresh Token are selected.

Auth0 Grant Settings

2. Set Up Connector #

  1. Create a JSON or YAML connector config file that matches your IdP.
  1. Update the following attributes:
Attribute Description
id The unique identifier of your connector (string).
name Its full name (string).
type The type of connector. (oidc, saml).
version The version of your connector (integer - default to 0 when creating a new connector)
issuer The domain of your application (here in Auth0). For example, Note the trailing slash.
client_id The Pachyderm Client ID (here in Auth0). The client ID consists of alphanumeric characters and can be found on the application
settings page.
client_secret The Pachyderm client secret (here in Auth0) located on the application settings page.
redirect_uri This parameter should match what you have added to Allowed Callback URLs when registering Pachyderm on your IdP website.
  1. Open your Helm values.yml file.
  2. Find the oidc.upstreamIDPs section.
  3. Input your connector info; Pachyderm stores this value in the platform secret pachyderm-identity in the key upstream-idps.
upstream-idps: |
    - type: github
    id: github
    name: GitHub
    jsonConfig: >-
        "clientID": "xxx",
        "clientSecret": "xxx",
        "redirectURI": "",
        "loadAllGroups": true

Alternatively, you can create a secret containing your dex connectors (Key: upstream-idps) and reference its name in the field oidc.upstreamIDPsSecretName.

3. Login #

The users registered with your IdP are now ready to Log in to Pachyderm

Considerations #

Ingress #

When using an ingress: