Stytch for BrowZer
The generic instructions below apply to any identity provider used with BrowZer.
If you plan to use this identity provider with your BrowZer network, and you'd like more detailed instructions that are specific to this identity provider (e.g. where in the IdP's UI to find the values described below), please express your interest over in our Discourse forum.
Gather IdP Information
Your OpenZiti network must be configured to recognize your Auth0 identity provider.
OpenZiti refers to the identity provider as an External JWT Signer. Before you can set up the new JWT signer, you must gather some information from the new Auth0 Application that you just created:
- the clientId
- the issuer
- the jwks_uri
Gather clientId
The clientId can be found via the openid-configuration endpoint that all OIDC-compliant identity providers expose.  The openid-configuration endpoint URL for Auth0 looks like this:
Gather issuer
The issuer can be found via the openid-configuration endpoint that all OIDC-compliant identity providers expose.
The openid-configuration endpoint URL for Auth0 looks like this:
https://<YOUR_IDP_DOMAIN>/<YOUR_IDP_PATH>/.well-known/openid-configuration
where the value for <YOUR_IDP_DOMAIN> is specific to where you are hosting your identity provider, and
where the value for <YOUR_IDP_PATH> is specific to your identity provider's implementation.
When you enter the openid-configuration endpoint URL into a browser, you will receive a JSON response that will contain an issuer field.
Take note of the issuer value.
Gather jwks_uri
The JSON response from the above openid-configuration endpoint URL will also contain a jwks_uri field.
Take note of the jwks_uri value returned from the above openid-configuration endpoint URL.
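The two lookups above can be scripted and sanity-checked before the values go into the signer. The following is an added example, not part of the BrowZer documentation: the function names, the idp.example.com URLs and the sample documents are assumptions constructed for illustration.

```python
import json
from urllib.parse import urlsplit
from urllib.request import urlopen

WELL_KNOWN = "/.well-known/openid-configuration"

def fetch_json(url, timeout=10):
    """Live use: GET a JSON document, HTTPS only."""
    if urlsplit(url).scheme != "https":
        raise ValueError(f"refusing non-HTTPS URL: {url}")
    with urlopen(url, timeout=timeout) as resp:
        return json.load(resp)

def signer_inputs(discovery_url, doc):
    """Return (issuer, jwks_uri) after sanity-checking the discovery document."""
    issuer, jwks_uri = doc.get("issuer"), doc.get("jwks_uri")
    if not issuer or not jwks_uri:
        raise ValueError("discovery document lacks issuer or jwks_uri")
    # OIDC Discovery requires the issuer to be the URL the document was
    # fetched from, minus the well-known suffix. A mismatch means the
    # document describes a different issuer than the one you queried.
    if issuer.rstrip("/") + WELL_KNOWN != discovery_url:
        raise ValueError(f"issuer {issuer!r} does not match {discovery_url!r}")
    for name, value in (("issuer", issuer), ("jwks_uri", jwks_uri)):
        if urlsplit(value).scheme != "https":
            raise ValueError(f"{name} is not HTTPS: {value}")
    return issuer, jwks_uri  # unchanged: the issuer is compared exactly

def signing_key_ids(jwks):
    """Key IDs in the JWKS that are usable for verifying signatures."""
    return [k["kid"] for k in jwks.get("keys", [])
            if k.get("kid") and k.get("use", "sig") == "sig"]

# Constructed sample data (not from a real identity provider).
SAMPLE_URL = "https://idp.example.com/tenant1" + WELL_KNOWN
SAMPLE_DOC = {
    "issuer": "https://idp.example.com/tenant1",
    "jwks_uri": "https://idp.example.com/tenant1/.well-known/jwks.json",
}
SAMPLE_JWKS = {"keys": [
    {"kty": "RSA", "kid": "sig-2024", "use": "sig"},
    {"kty": "RSA", "kid": "enc-1", "use": "enc"},
]}

if __name__ == "__main__":
    issuer, jwks_uri = signer_inputs(SAMPLE_URL, SAMPLE_DOC)
    print("issuer:  ", issuer)
    print("jwks_uri:", jwks_uri)
    print("signing keys:", signing_key_ids(SAMPLE_JWKS))
```

Against a live identity provider, pass `fetch_json(url)` as the document and `fetch_json(jwks_uri)` as the key set in place of the constructed samples.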
Create External JWT Signer
Using the values described above, use the ziti CLI to configure an external JWT signer that represents your Auth0 identity provider. You can find details on how to do this in the BrowZer Quickstart documentation.