Auth0 with AWS Load Balancer Controller on EKS

 ·  ☕ 1 min read  ·  🤖 Javy de Koning

Here is a quick example of how to use Auth0 together with ALB via the AWS Load Balancer Controller.

First, you will need a Secret in the same namespace as your application. I will use nginx in the example below:

apiVersion: v1
kind: Secret
metadata:
  namespace: nginx
  name: alb-oidc-secret
data:
  # Values under data: must be base64-encoded
  clientID: # Get this from your Auth0 application settings
  clientSecret: # Get this from your Auth0 application settings

Next, we'll need an application. I'm just going to use nginx as an example.

apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: nginx
  labels:
    app: nginx
  name: nginx
spec:
  replicas: 2
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - image: public.ecr.aws/nginx/nginx:1.22-alpine
        imagePullPolicy: Always
        name: nginx
        ports:
        - containerPort: 80

Finally, we need a Service and an Ingress. This is where the magic sauce is.

apiVersion: v1
kind: Service
metadata:
  name: nginx
  namespace: nginx
spec:
  selector:
    app: nginx
  ports:
    - port: 80
      targetPort: 80
      protocol: TCP
  type: ClusterIP
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  namespace: nginx
  name: nginx
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
    alb.ingress.kubernetes.io/ssl-redirect: '443'
    alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:eu-west-1:012345678912:certificate/xxx
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/group.name: shared
    alb.ingress.kubernetes.io/auth-type: 'oidc'
    alb.ingress.kubernetes.io/auth-on-unauthenticated-request: 'authenticate'
    alb.ingress.kubernetes.io/auth-scope: 'openid profile email'
    alb.ingress.kubernetes.io/auth-session-cookie: 'AWSELBAuthSessionCookie'
    alb.ingress.kubernetes.io/auth-session-timeout: '604800'
    alb.ingress.kubernetes.io/auth-idp-oidc: '{
        "Issuer": "https://<your-auth-0>.auth0.com/",
        "AuthorizationEndpoint": "https://<your-auth-0>.auth0.com/authorize",
        "TokenEndpoint": "https://<your-auth-0>.auth0.com/oauth/token",
        "UserInfoEndpoint": "https://<your-auth-0>.auth0.com/userinfo",
        "SecretName": "alb-oidc-secret",
        "AuthenticationRequestExtraParams": {
            "audience": "https://<your-auth-0>.auth0.com/api/v2/"
        }
      }'
spec:
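  # No ingressClassName here: the kubernetes.io/ingress.class: alb annotation above selects the AWS Load Balancer Controller.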
  rules:
    - host: your-domain.example
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: nginx
                port:
                  number: 80

In your Auth0 app, don't forget to configure the correct "Allowed Callback URLs". It should look like https://<your-domain>/oauth2/idpresponse. See the ALB docs.
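
A preflight check for the Secret and the auth-idp-oidc annotation above, added here as an example (not the author's or the controller's code). It catches the mistakes that make ALB authentication fail after deployment: a Secret in the wrong namespace, a SecretName mismatch, non-HTTPS endpoints, and client values that are not clean base64. The function name `check_alb_oidc`, the host `idp.example` and the sample credentials are constructed, and the same-host rule assumes the Auth0 layout shown on this page.

```python
import base64
import json
from urllib.parse import urlparse

URL_KEYS = ("issuer", "authorizationendpoint", "tokenendpoint", "userinfoendpoint")

def check_alb_oidc(annotation, ingress_namespace, secret):
    """Return a list of problems; an empty list means annotation and Secret agree."""
    try:
        # Compare keys case-insensitively (the page writes them in PascalCase).
        idp = {k.lower(): v for k, v in json.loads(annotation).items()}
    except (ValueError, AttributeError) as exc:
        return [f"auth-idp-oidc is not a JSON object: {exc}"]
    problems = []
    issuer_host = urlparse(str(idp.get("issuer", ""))).hostname
    for key in URL_KEYS:
        url = urlparse(str(idp.get(key, "")))
        if url.scheme != "https" or not url.hostname:
            problems.append(f"{key}: missing or not an https URL")
        elif url.hostname != issuer_host:  # assumption: Auth0 layout, one tenant host
            problems.append(f"{key}: host differs from issuer host")
    meta = secret.get("metadata", {})
    if meta.get("name") != idp.get("secretname"):
        problems.append("SecretName does not match the Secret's metadata.name")
    if meta.get("namespace") != ingress_namespace:
        problems.append("Secret is not in the Ingress namespace")
    for field in ("clientID", "clientSecret"):
        raw = (secret.get("data") or {}).get(field)
        try:
            value = base64.b64decode(raw or "", validate=True).decode()
        except ValueError:
            problems.append(f"{field}: value under data: is not valid base64")
        else:
            if not value or value != value.strip():
                problems.append(f"{field}: empty or padded with whitespace after decoding")
    return problems

# Constructed sample input: placeholder host and credentials, not real values.
SAMPLE_ANNOTATION = json.dumps({
    "Issuer": "https://idp.example/", "SecretName": "alb-oidc-secret",
    "AuthorizationEndpoint": "https://idp.example/authorize",
    "TokenEndpoint": "https://idp.example/oauth/token",
    "UserInfoEndpoint": "https://idp.example/userinfo",
})
SAMPLE_SECRET = {
    "metadata": {"namespace": "nginx", "name": "alb-oidc-secret"},
    # clientSecret carries a trailing newline, as `echo value | base64` would produce.
    "data": {"clientID": base64.b64encode(b"constructed-id").decode(),
             "clientSecret": base64.b64encode(b"constructed-secret\n").decode()},
}
```

Calling `check_alb_oidc(SAMPLE_ANNOTATION, "nginx", SAMPLE_SECRET)` reports only the clientSecret whitespace problem; encoding the value without the newline clears it.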

Auth0 call back config

Need more help?

The YouTube video below provides a good console walkthrough for setting up Auth0 with ALB.

