Do I need to use ngrok to expose my local server to be contacted by Auth0 during authentication/rules?

Having trouble setting up Auth0 for local development.

I have a React app running on localhost:3000 that uses @auth0/auth0-spa-js.

I have a Hasura backend running on localhost:8080.

I’ve turned off “OIDC Conformant” under Advanced Settings of SPA app in Auth0.

I have some Rules that contact the backend over HTTP. So for the Rules to reach my server running locally, I am using ngrok to expose localhost:8080, passing that URL through createAuth0Client as a custom param, and using it in the Rule via context.request.query.backendUrl, as an example.

Is it correct that if I need to talk to my backend in one of the rules, I must expose my localhost:8080 over the public internet so it can be connected to? Or is there another way?

More info here too:


Hi @avimoondra,

Rules are run on the Auth0 servers, so if you want the rules to output something to your backend, it will need to be accessible over the internet. If the backend is only running on your local machine, then ngrok would be needed for development purposes. I am not familiar with Hasura personally, but their example seems to rely on a Heroku-based app’s endpoint being available over the internet.

Please read our best practices for rules, for example amongst other things, we recommend to always use HTTPS when making any calls to external services/redirections.

Kind regards,

Is there no way to run Auth0 locally? How is a backend expected to stay in sync with Auth0 if they do not communicate with each other?

If exposing my backend server locally, I would assume this server now has to be secured with complex enough user/password combos and/or secrets…

I’m afraid there is no way to run Auth0 locally, the Auth0 service needs to be hosted in the cloud (or a private cloud depending on your subscription).

This means that any backend or service you have that needs to be called from the Auth0 service itself (from rules or custom DB scripts, for example) needs to be reachable over the public network.
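
The setup in this thread has a Rule calling whatever URL arrives in `context.request.query.backendUrl`, which is a value the browser controls. The following is an added example, not part of the original thread and not Auth0's own code: a Rule-shaped function that only accepts an HTTPS URL on an allowlisted host before any call is made. The hostnames, `ALLOWED_HOSTS`, and the function names are assumptions made for illustration.

```javascript
// Added example: validate the client-supplied backend URL inside a Rule.
// The hostnames below are constructed samples, not values from the thread.
const ALLOWED_HOSTS = new Set(['abc123.ngrok.io', 'api.example.com']);

// Returns the normalized origin if the URL is acceptable, otherwise null.
function resolveBackendUrl(rawUrl, allowedHosts = ALLOWED_HOSTS) {
  // A repeated query parameter can arrive as an array; accept strings only.
  if (typeof rawUrl !== 'string' || rawUrl.length > 2048) return null;
  let url;
  try {
    url = new URL(rawUrl);
  } catch (err) {
    return null; // not an absolute URL
  }
  if (url.protocol !== 'https:') return null;       // HTTPS only
  if (url.username || url.password) return null;    // no user:pass@host tricks
  if (url.port) return null;                        // default port (443) only
  if (!allowedHosts.has(url.hostname)) return null; // exact host match
  return url.origin; // path, query and fragment are discarded
}

// Same (user, context, callback) shape as an Auth0 Rule.
function backendUrlRule(user, context, callback) {
  const query = (context.request && context.request.query) || {};
  const backendUrl = resolveBackendUrl(query.backendUrl);
  if (!backendUrl) {
    // Fail closed instead of calling an arbitrary address.
    return callback(new Error('backendUrl is missing or not allowed'));
  }
  // The HTTPS request to the backend would be made here, against
  // backendUrl only, with a shared secret the backend verifies.
  return callback(null, user, context);
}
```
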