How to Set Auth0 as Identity Provider

Introduction

This basic tutorial demonstrates how to configure an application in Auth0 and integrate it with AI DIAL for identity and access management.

In AI DIAL, you can assign roles to Models, Applications, Addons, and Assistants to restrict the number of tokens that can be transmitted in a specific time frame. These roles and their limitations can be created in external systems and then assigned in AI DIAL's configuration.

Configuration Guidelines

Configure Auth0

Note: Replace <chat_url> with the actual address of your AI DIAL Chat application.

Follow these steps to configure Auth0:

  1. Create Tenant: create a new tenant and save its name. Refer to Auth0 documentation to learn how to do it.
  2. Create Application: create an Application. Set a name and choose Regular Web Applications.
  3. Configure Application Settings: in the Applications/Settings section, set the following parameters:
    • Obtain and save the Domain, Client ID and Client Secret generated for your application.
    • Allowed Callback URLs: https://<chat_url>/api/auth/callback/auth0
  4. Create API: in the Applications/APIs section, configure a new API.
  5. Create Users: in the User Management/Users section, create necessary Users.
  6. (Optional) Create and Assign Roles: in the User Management/Roles section, create necessary Roles.
  7. (Optional) Create Action: in the Actions/Library section, create a necessary Action and Deploy it. Action parameters:
    • Name: DIAL role
    • Trigger: Login/Post Login
    • Runtime: Node 18
    • Add the following code in the Actions Code Editor:
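      exports.onExecutePostLogin = async (event, api) => {
        if (event.authorization) {
          // Copy the user's Auth0 roles into the access token; rolePath in AI DIAL Core points at this claim
          api.accessToken.setCustomClaim("dial_roles", event.authorization.roles);
          // Also expose the user's email as a claim
          api.accessToken.setCustomClaim('email', event.user.email);
        }
      };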
  8. (Optional) Configure the Login Flow: in the Actions/Flows section, choose Login, add a custom action DIAL role to Flow and apply the change. Refer to Auth0 documentation to learn more.

Configure AI DIAL

Configuring both AI DIAL Chat and AI DIAL Core with the environment variables and settings below enables them to work together with the identity provider for authentication and authorization.

AI DIAL Chat Settings

Add the following environment variables to AI DIAL Chat configuration. Refer to AI DIAL Chat for more details.

AUTH_AUTH0_HOST: "<auth0_domain>"
AUTH_AUTH0_CLIENT_ID: "<auth0_client_id>"
AUTH_AUTH0_CLIENT_SECRET: "<auth0_client_secret>"
AUTH_AUTH0_AUDIENCE: "<auth0_api_audience>"

AI DIAL Core Settings

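Add the following parameters to AI DIAL Core static settings. Refer to AI DIAL Core for more details. The issuerPattern shown assumes a tenant domain in the EU region (.eu.auth0.com); adjust it so that it matches the Domain saved for your application.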

aidial.identityProviders.auth0.jwksUrl: "https://<auth0_domain>/.well-known/jwks.json"
aidial.identityProviders.auth0.issuerPattern: '^https:\/\/${auth0_domain_name}\.eu\.auth0\.com.*$'
aidial.identityProviders.auth0.loggingKey: "sub"
aidial.identityProviders.auth0.loggingSalt: "loggingSalt"
aidial.identityProviders.auth0.rolePath: "dial_roles"

Assignment of Roles

Once all the above steps are completed, including the ones marked as Optional, you can assign roles to Models, Applications, Addons, and Assistants.

In AI DIAL Core:

  • Static settings: set aidial.identityProviders.auth0.rolePath to the name of the Auth0 claim that carries the roles.
  • Dynamic settings: in userRoles, provide the specific claim value.

In this example, the auth0-role-name role from the "dial_roles" claim is configured for the chat-gpt-35-turbo model:

# Dynamic settings of AI DIAL Core
"models": {
  "chat-gpt-35-turbo": {
    "type": "chat",
    "endpoint": "http://localhost:7001/v1/openai/deployments/gpt-35-turbo/chat/completions",
    "upstreams": [
      {"endpoint": "http://localhost:7001", "key": "modelKey1"}
    ],
    "userRoles": ["auth0-role-name"]
  }
}
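
To confirm that an access token issued by Auth0 carries what the settings above expect, the following added example (not part of AI DIAL or of the original page) decodes a token payload and compares it with issuerPattern, the API audience, rolePath and userRoles. The tenant name example-tenant, the audience URL and the sample tokens are constructed assumptions, as is the reading that issuerPattern is matched against the iss claim.

```javascript
// Added example: decodes a JWT payload for inspection only. It does NOT verify the
// signature; that is what the keys published at jwksUrl are for.
// Assumed values (not from the page): tenant "example-tenant", audience URL, sample claims.
const cfg = {
  issuerPattern: /^https:\/\/example-tenant\.eu\.auth0\.com.*$/, // page's pattern, tenant filled in
  audience: "https://dial.example.com/api", // stands in for <auth0_api_audience>
  rolePath: "dial_roles",                   // aidial.identityProviders.auth0.rolePath
  userRoles: ["auth0-role-name"],           // userRoles of chat-gpt-35-turbo
};

// Build an unsigned, constructed token so the example runs offline.
function makeSampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
  return `${enc({ alg: "RS256", typ: "JWT" })}.${enc(claims)}.constructed-signature`;
}

function decodePayload(jwt) {
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT (expected 3 segments)");
  return JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
}

// Returns a list of problems; an empty list means the claims line up with the config.
function checkDialToken(jwt, cfg) {
  const c = decodePayload(jwt);
  const problems = [];
  if (typeof c.iss !== "string" || !cfg.issuerPattern.test(c.iss))
    problems.push(`iss "${c.iss}" does not match issuerPattern`);
  const aud = Array.isArray(c.aud) ? c.aud : [c.aud]; // aud may be a string or an array
  if (!aud.includes(cfg.audience))
    problems.push("aud does not contain the configured API audience");
  const roles = c[cfg.rolePath];
  if (!Array.isArray(roles))
    problems.push(`claim "${cfg.rolePath}" missing: is the DIAL role Action deployed and in the Login flow?`);
  else if (!roles.some((r) => cfg.userRoles.includes(r)))
    problems.push(`none of [${roles}] is listed in userRoles`);
  return problems;
}

// Constructed sample tokens: a correct one, one without the Action (steps 7-8 skipped), one with another role.
const base = { iss: "https://example-tenant.eu.auth0.com/", aud: "https://dial.example.com/api", sub: "auth0|constructed" };
const good = makeSampleToken({ ...base, dial_roles: ["auth0-role-name"], email: "user@example.com" });
const noAction = makeSampleToken(base);
const wrongRole = makeSampleToken({ ...base, dial_roles: ["other-role"] });
console.log(checkDialToken(good, cfg), checkDialToken(noAction, cfg), checkDialToken(wrongRole, cfg));
```

To check a real token, pass the access token string from a test login to checkDialToken together with your own tenant, audience and role values.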