Auth0 Home Blog Docs

Obtaining 'base64-token' from Auth0 as Identity Provider


Hello Auth0 community!

I have spend a long time trying to setup Auth0 as identity provider t access AWS resources. But either my understanding is not enough or the documents are not enough.

Here is the problem, I use Auth0 for authentication for my server-less application. I use AWS for backend.

First I used a custom authorizer to access private API calls. This part was easy. Next I have to find a way to get temporary credentials from AWS STS so that users can upload pictures in S3.

From what I understood, first I should setup Auth0 as Identity provider and AWS as service provider. The same scenario as enabling SSO. Since inly articles about enabling SSO are available, I followed the article and could setup the SSO. ( )

Now that AWS is Service provider and Auth0 is IdP, I should somehow be able to programmatically get the temporary access key and secret from AWS. There is no clear article about this.

If I want to send a request to AWS STS, I would need a base64-token provided by IdP. I can’t find a way to get that code:

AWS.config.credentials = new AWS.SAMLCredentials({
  RoleArn: 'arn:aws:iam::1234567890:role/SAMLRole',
  PrincipalArn: 'arn:aws:iam::1234567890:role/SAMLPrincipal',
 SAMLAssertion: 'base64-token', // base64-encoded token from IdP

Also, when I use lock to login, the returned access_token doesn’t contain SAML configurations.


If no one has a clue about this maybe it’s not possible to use Auth0 with AWS. I will change to using Google Auth directly. Hope to make this work for Auth0 in future.