Using Auth0 as SSO for CockroachDB

Help
,
1

Ready to post? :mag: First, try searching for your answer.
Hi,
I’d like to use Auth0 for CockroachDB as SSO. But in testing the SSO from CockroachDB settings panel, I keep getting invalid token, HTTP error 400.
In greater details:
In Auth0 I’ve created Regular Web Application, called it CockroachDB, filled Allowed callback URL with https://auth.cockroachlabs.cloud/login/callback, https://cockroachlabs.cloud/sso and Application Login URI with https://auth.cockroachlabs.cloud/login.
In CockroachDB I’ve entered in the configuration:
Issuer URL: https://xxxx.eu.auth0.com/.well-known/openid-configuration. Client ID and Client Secret.

On Test Connection it keeps failing with HTTP error code 400 with a message invalid token. So the SSO Test Connection stays Unverified

The flow is:
https://xxxxx.eu.auth0.com/u/login?state=HTTP 302
https://xxxxx.eu.auth0.com/authorize/resume?state=HTTP 302
https://auth.cockroachlabs.cloud/login/callback?code=HTTP 302
https://auth.cockroachlabs.cloud/authorize/resume?state=HTTP 302
https://cockroachlabs.cloud/sso/test?code=HTTP 400

Am I missing something in the settings of Auth0 since there is nothing more to setup in CockroachDB.

2

I’ve received reply from CockroachDB’s support:
The trace ID points to the following error that occurred on your login attempt:
auth0.clientError: Invalid subject claim

The error means that the claim string received from Auth0 didn’t have the expected 2 or 3 components after being split on | .
We expect the Auth0 subject claims to match either the form <auth0 conn>|<id> or <sso protocol>|<auth0 conn>|<id> .
For example github|12345 or samlp|crl-saml|12345 .

Hope this helps.