> ## Documentation Index
> Fetch the complete documentation index at: https://auth0-docs-event-stream-action-templates.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

> This tutorial demonstrates how to configure Apache to add authentication and authorization to your web app.

# Add Login to Your Apache Application

export const AuthCodeBlock = ({filename, icon, language, highlight, children}) => {
  const [displayText, setDisplayText] = useState(children);
  const [copyText, setCopyText] = useState(children);
  const wrapperRef = React.useRef(null);
  useEffect(() => {
    let unsubscribe = null;
    function init() {
      if (!window.autorun || !window.rootStore) {
        return;
      }
      unsubscribe = window.autorun(() => {
        let processedChildrenForDisplay = children;
        let processedChildrenForCopy = children;
        for (const [key, value] of window.rootStore.variableStore.values.entries()) {
          const escapedKey = key.replaceAll(/[.*+?^${}()|[\]\\]/g, (String.raw)`\$&`);
          let displayValue = value;
          if (key === "{yourClientSecret}" && value !== "{yourClientSecret}") {
            displayValue = value.substring(0, 3) + "*****MASKED*****";
          }
          processedChildrenForDisplay = processedChildrenForDisplay.replaceAll(new RegExp(escapedKey, "g"), displayValue);
          processedChildrenForCopy = processedChildrenForCopy.replaceAll(new RegExp(escapedKey, "g"), value);
        }
        setDisplayText(processedChildrenForDisplay);
        setCopyText(processedChildrenForCopy);
      });
    }
    if (window.rootStore) {
      init();
    } else {
      window.addEventListener("adu:storeReady", init);
    }
    return () => {
      window.removeEventListener("adu:storeReady", init);
      unsubscribe?.();
    };
  }, [children]);
  useEffect(() => {
    if (!wrapperRef.current) return;
    const originalWriteText = navigator.clipboard.writeText.bind(navigator.clipboard);
    let isOverriding = false;
    const handleClick = e => {
      const button = e.target.closest('[data-testid="copy-code-button"]');
      if (!button || !wrapperRef.current.contains(button)) return;
      isOverriding = true;
      navigator.clipboard.writeText = text => {
        if (isOverriding) {
          isOverriding = false;
          navigator.clipboard.writeText = originalWriteText;
          return originalWriteText(copyText);
        }
        return originalWriteText(text);
      };
      setTimeout(() => {
        if (isOverriding) {
          isOverriding = false;
          navigator.clipboard.writeText = originalWriteText;
        }
      }, 100);
    };
    const wrapper = wrapperRef.current;
    wrapper.addEventListener('click', handleClick, true);
    return () => {
      wrapper.removeEventListener('click', handleClick, true);
      if (navigator.clipboard.writeText !== originalWriteText) {
        navigator.clipboard.writeText = originalWriteText;
      }
    };
  }, [copyText]);
  return <div ref={wrapperRef}>
      <CodeBlock filename={filename} icon={icon} language={language} lines highlight={highlight}>
        {displayText}
      </CodeBlock>
    </div>;
};

export const configSnippet = `OIDCProviderMetadataURL https://{yourDomain}/.well-known/openid-configuration
OIDCClientID {yourClientId}
OIDCClientSecret {yourClientSecret}

OIDCScope "openid name email"
OIDCRedirectURI https://your_apache_server/your_path/redirect_uri/
OIDCCryptoPassphrase <passwordToEncryptTheSessionInformationOnTheCookie>

<Location /your_path>
  AuthType openid-connect
  Require valid-user
  LogLevel debug
</Location>

<Location /admin>
  AuthType openid-connect
  #Require valid-user
  Require claim folder:admin
</Location>`;

<Accordion title="Use AI to integrate Auth0" icon="microchip-ai" iconType="solid" defaultOpen>
  If you use an AI coding assistant like Claude Code, Cursor, or GitHub Copilot, you can add Auth0 authentication automatically in minutes using [agent skills](https://agentskills.io/home).

  **Install:**

  ```bash theme={null}
  npx skills add auth0/agent-skills --skill auth0-quickstart --skill auth0-apache
  ```

  **Then ask your AI assistant:**

  ```text theme={null}
  Add Auth0 authentication to my Apache server
  ```

  Your AI assistant will automatically create your Auth0 application, fetch credentials, and configure mod\_auth\_openidc. [Full agent skills documentation →](/docs/quickstart/agent-skills)
</Accordion>

<Note>
  **System Requirements**

  This tutorial and sample project have been tested with the following:

  * Apache 2.4
</Note>

## Get Started

This tutorial demonstrates how to configure Apache to add authentication and authorization to your web app. We recommend that you log in to follow this quickstart with examples configured for your account.

<Steps>
  <Step title="Install and Enable mod_auth_openidc Module" stepNumber={1}>
    First, install the `mod_auth_openidc` module for Apache.

    You can get the binaries from [GitHub](https://github.com/OpenIDC/mod_auth_openidc/releases) and install them for your OS. If your OS isn't compatible with any of the binaries, you can still [build it from source](https://github.com/OpenIDC/mod_auth_openidc/blob/master/INSTALL).

    Once you've installed the module, enable it for Apache with the `a2enmod` command. To learn more, read [a2enmod on Ubuntu Manpage](https://manpages.ubuntu.com/manpages/focal/man8/a2enmod.8.html):

    ```shellscript theme={null}
    a2enmod auth_openidc
    ```

    <Info>
      For Windows, you can use [this Powershell script](https://github.com/enderandpeter/win-a2enmod#installation) to get `a2enmod` working on your system.
    </Info>
  </Step>

  <Step title="Configure the Module with Your Auth0 Account Information" stepNumber={2}>
    Update your new configuration file (`auth_openidc.conf`), located in the `/etc/apache2/mods-available` folder.

    <Info>
      For Windows, you must use the `/apache/conf/httpd.conf` file.
    </Info>

    <AuthCodeBlock children={configSnippet} language="apache" filename="auth_openidc.conf" />
  </Step>

  <Step title="Configure Auth0" stepNumber={3}>
    In the [Auth0 Dashboard](https://manage.auth0.com/):

    1. Go to **Applications** > **Applications**, and then select your application from the list.
    2. Switch to the **Settings** view, and then locate the **Application URIs** section.
    3. Add the value of `OIDCRedirectURI` to **Allowed Callback URLs**.
    4. Locate **Advanced Settings** at the bottom of the page.
    5. Switch to the **OAuth** view.
    6. Set **JSON Web Token (JWT) Signature Algorithm** to `RS256`.
  </Step>

  <Step title="Authorization" stepNumber={4}>
    You can configure Apache to protect a specific location based on the value of a claim in the user's ID token by adding a `Location` block to your `auth_openidc.conf` file.

    For example, you could create an Action that reads the user's roles, and then adds a claim that grants access to a protected location:

    ```js lines theme={null}
    exports.onExecutePostLogin = async (event, api) => {
      const roles = event.authorization.roles; // ['user', 'admin']
      if (roles.includes('admin')) {
        api.idToken.setCustomClaim('folder', 'admin');
      }
    };
    ```
  </Step>
</Steps>

<Check>
  **Checkpoint**

  Excellent work! If you made it this far, you should now have login, logout, and user profile information running in your application.
</Check>

***

## Next Steps

This concludes our quickstart tutorial, but there is so much more to explore. To learn more about what you can do with Auth0, check out:

* [Auth0 Dashboard](https://manage.auth0.com/) - Learn how to configure and manage your Auth0 tenant and applications
* [Auth0 Marketplace](https://marketplace.auth0.com/) - Discover integrations you can enable to extend Auth0's functionality