Auth0

Auth0 requires creating an account, first. ToF works fine using their free-to-use services. Their paid services allow for integrating with enterprise level authentication providers, such as "Microsoft Accounts" and "Microsoft Azure AD". This, however, is not required for ToF.

Auth0 Configuration

Create an application for ToF with the following:

• Application Type: Single Page Application
• Advanced Setings
  • OAuth
    • JsonWebToken Signature Algorithm: RS256
• Redirect URIs
  • <root url>/login (ex: https://trifolia-fhir-dev.lantanagroup.com/silent-refresh.html)
  • <root url>/silent-refresh.html (ex: https://trifolia-fhir-dev.lantanagroup.com/silent-refresh.html)
• Do not select "OIDC Conformant" under "Show Advanced Settings" if you are using the "admin" role as described below. If "OIDC Conformant" is selected, the "roles" information is not returned as part of the JWT.

ToF Configuration

• auth.clientId = keycloak clientId
• auth.domain = <public url that tof is hosted at>
• auth.scope = openid profile name email
• auth.secret = keycloak app > credentials tab > "Secret"
• auth.issuer =
  • Ex: https://trifolia.auth0.com/
• auth.jwksUri = <auth0 domain url>/.well-known/jwks.json
  • Ex: https://trifolia.auth0.com/.well-known/jwks.json

Administrator role

The easiest way to setup authorization with Auth0 is to use the "Auth0 Authorization" extension.

1. Login to your Auth0 dashboard and select "Extensions" on the left
2. Under "All Extensions" search for "Auth0"
3. Click on "Auth0 Authorization" and click "Install"
4. Once installed, click "Authorization" below "Extensions" in the left nav bar
5. Click the account drop-down menu item in the top-right
6. Turn on "Roles" in the "Authorization information in the user object in Rules" section
7. Click "Publish Rule"

Add an "admin" role to auth0:

1. From the "Authorization" extension, select "Roles" in the top-left
2. Click "Create Role"
3. Select the ToF application and click "Next"
4. Specify a name of "admin" and a description of your liking.
5. Click save.

Assign users as an admin

1. From the "Authorization" extension, select "Users"
2. Select a user that you want to be an admin
3. Select "Roles"
4. Click "Add role to user", select the "admin" role
5. Click "Save"