Welcome to ForwardAuth for Auth0’s documentation!¶
Traefik will act as the gate to your applications, and the ForwardAuth application will act as the gatekeeper and authorize requests to your applications. Management of users, roles and permissions are handled in Auth0.
There is some important breaking changes in version 2.0 of ForwardAuth.
For those that want to delay upgrade from 1.0 to 2.0 version, there is a docker image with tag 1.0 that you can continue to use, but it will not get any further updates and I encourage you to upgrade to 2.0 as soon as possible.
It is now mandatory to set an audience when requesting authorization. This change is required due to how Auth0 handles two different kinds of token formats, opaque tokens and jwt tokens, for access tokens. The only token that is possible to validate and verify is the jwt token. Therefor its from now on required to set the audience in the application config and the application will not work otherwise.
The version 2.0 configuration also has some new fields that need to be set for the application to start up. See Upgrade Notes for information about compatability and upgrades between versions. The page Configuration should have a update to date example for the latest version.
Protect your applications with Authorization and Authentication using Auth0 rich feature set.
Shared-host auth-mode for single sign-on for a whole domain and a whole set of services.
Sub-Path auth-mode for restricting single sign-on per sub-domain configuration to restrict SSO to a sub-domain.
Support for Auth0 API permissions natively to block access to services by API permissions.
Implement a powerful BeyondCorp policy control using Auth0 Rules + Auth0 Auth Core with RBAC.
Restrict selected HTTP methods, let other methods be unrestricted.
Signout and userinfo endpoint for other applications to use.
- What is Auth0?
- Auth0 Configuration
- OAuth and Open ID Connect
- ForwardAuth API
- Frequently asked Questions
- Q: Why Opaque Access Tokens is not supported?
- Q: How do I check if ForwardAuth is accessible through Traefik?
- Q: How do I adjust loglevel in application?
- Q: Updates in permissions/api/applications does not show in ForwardAuth and I still get permission denied?
- Q: How do I check if the application is running?