Auth0 Provider & Strapi Tutorial

Software applications need a way to identify users, store user data uniquely and serve these data to the right user at the right time. This process gave rise to authentication and authorization in software development. Almost every application today has an authentication flow and if you look closely, you will notice the similarity in the flow of authentication across different applications.

This is a companion discussion topic for the original entry at

This article is good, but sadly it doesn’t explain or handle one of the big reasons for using strapi to handle authentication, which is to create a user. After going through this tutorial I may have logged into auth0, but I wouldn’t know because after the callback I don’t land on a real page “connect/auth0” isn’t a route in the login-react app. And no user was ever created in strapi… so I’m not really sure what the point of doing it this strategy is?

Auth0 handles the authentication and returns a token, Users with valid tokens can gain access to data from the Strapi back end that requires authentication. The user data can be fetched from Auth0. Authenticated data fetched from Strapi requires that the token be passed along for a user to be granted access. This method will be best for front end applications already implementing authentication using Auth0. I personally would not recommend this if the application does not already implement authentication using Auth0 before integrating with Strapi. Regardless, this is just my opinion and I stand to be corrected. Hope this was helpful, thanks.

I saw Okta mentioned a lot in the Gold Enterprise Edition. Just licensed … No Okta provider in the menu of available. Can anyone guide in provisioning Okta as a provider? What are the necessary configurations required to enable Okta?

A good addition to the article would be how this should be set up for production; I’m not sure too many people are going to want to use Auth0 on localhost the whole time :wink:

Just ran through this - works as written - thank you! But… I don’t think it works as per the login-react code.
ie Once i get to the end and get the toke, I’d expect to be on a page that can see the logoutbutton?

To round this out I think it would be good to add;

  1. what happens next ie you’ll be on a blank page with the screenshot you took of the address bar
  2. be able to toggle the login/log out
  3. add a protected route with a call back to Strapi so the user can sub in what they need to do

Hi @alloyking1, stapi v4 has recently been released and along with a breaking change for the auth provider: all content-api routes are now prefixed with /api.
This mean that all the links to http://localhost:1337/connect/auth0 or http://localhost:1337/connect/auth0/callback (and similar links to the strapi api) should now be prefixed by “/api”.

  • http://localhost:1337/connect/auth0 becomes http://localhost:1337/api/connect/auth0

  • http://localhost:1337/connect/auth0/callback becomes http://localhost:1337/api/connect/auth0/callback

Thanks for the article, apart from the minor issue I had no problem settings up my login provider!