Skip to main content

How to Set Auth0 as Identity Provider

Introduction

This basic tutorial demonstrates how to configure an application in Auth0 and integrate it with AI DIAL for identity and access management.

In AI DIAL, you can assign roles to Models, Applications, Addons, and Assistants to restrict the number of tokens that can be transmitted in a specific time frame. These roles and their limitations can be created in external systems and then assigned in AI DIAL's configuration.

Configuration Guidelines

Configure Auth0

Note: Replace <chat_url> with the actual address of your AI DIAL Chat application.

Follow these steps to configure Auth0:

  1. Create Tenant: create a new tenant and save its name. Refer to Auth0 documentation to learn how to do it.
  2. Create Application: create an Application. Set a name and choose Regular Web Applications.
  3. Configure Application Settings: in the Applications/Settings section, set the following parameters:
    • Obtain and save Domain,Client ID and Client secrets generated for your application.
    • Allowed Callback URLs: https://<chat_url>/api/auth/callback/auth0
  4. Create API: in the Applications/APIs section, configure a new API.
  5. Create Users: in the User Management/Users section, create necessary Users.
  6. (Optional) Create and Assign Roles: in the User Management/Roles section, create necessary Roles.
  7. (Optional) Create Action: in the Actions/Library section, create a necessary Action and Deploy it. Action parameters:
    • Name: DIAL role
    • Trigger: Login/Post Login
    • Runtime: Node 18
    • Add the following code in the Actions Code Editor:
      exports.onExecutePostLogin = async (event, api) => {
      if (event.authorization) {
      api.accessToken.setCustomClaim("dial_roles", event.authorization.roles);
      api.accessToken.setCustomClaim('email', event.user.email);
      }
      };
  8. (Optional) Configure the Login Flow: in the Actions/Flows section, choose Login, add a custom action DIAL role to Flow and apply the change. Refer to Auth0 documentation to learn more.

Configure AI DIAL

By configuring both AI DIAL Chat and AI DIAL Core with the necessary environment variables, you will enable them to work together seamlessly with Identity Provider for authentication and authorization purposes.

AI DIAL Chat Settings

Add the following environment variables to AI DIAL Chat configuration. Refer to AI DIAL Chat for more details.

AUTH_AUTH0_HOST: "<auth0_domain>"
AUTH_AUTH0_CLIENT_ID: "<auth0_client_id>"
AUTH_AUTH0_SECRET: "<auth0_client_secret>"
AUTH_AUTH0_AUDIENCE: "<auth0_api_audience>"

AI DIAL Core Settings

Add the following parameters to AI DIAL Core static settings. Refer to AI DIAL Core for more details.

aidial.identityProviders.auth0.jwksUrl: "https:///<auth0_domain>/.well-known/jwks.json"
aidial.identityProviders.auth0.issuerPattern: '^https:\/\/${auth0_domain_name}\.eu\.auth0\.com.*$'
aidial.identityProviders.auth0.loggingKey: "sub"
aidial.identityProviders.auth0.loggingSalt: "loggingSalt"
aidial.identityProviders.auth0.rolePath: "dial_roles"

Assignment of Roles

Once all the above steps are completed, including the ones marked as Optional, you can assign roles to Models, Applications, Addons, and Assistants.

In AI DIAL Core:

  • Static settings: as value for aidial.identityProviders.auth0.rolePath provide a claim from Auth0.
  • Dynamic settings: for userRoles provide a specific claim value.

In this example, auth0-role-name role from the "dial_roles" claim is configured for chat-gpt-35-turbo model:

# Dynamic settings of AI DIAL Core
"models": {
"chat-gpt-35-turbo": {
"type": "chat",
"endpoint" : "http://localhost:7001/v1/openai/deployments/gpt-35-turbo/chat/completions",
"upstreams": [
{"endpoint": "http://localhost:7001", "key": "modelKey1"}
],
"userRoles": ["auth0-role-name"]
}
}