diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..70f7bc4
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,45 @@
+# Gradle
+.gradle/
+build/
+
+# Eclipse
+.project
+.classpath
+.settings/
+bin/
+
+
+# IntelliJ
+.idea/
+.idea
+*.ipr
+*.iml
+*.iws
+
+# NetBeans
+nb-configuration.xml
+
+# Visual Studio Code
+.vscode
+.factorypath
+
+# OSX
+.DS_Store
+
+# Vim
+*.swp
+*.swo
+
+# patch
+*.orig
+*.rej
+
+# Local environment
+.env
+env.sh
+
+*.daml/
+
+*.log
+log/
+
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..a02f2ae
--- /dev/null
+++ b/README.md
@@ -0,0 +1,21 @@
+# DAML WITH AUTH
+
+The goal of this repo is to provide an example of a simple daml app with Auth0 protection
+AuthT and AuthZ for Navigator, JSON API client and UI
+
+## Launch tips
+```
+daml sandbox --config auth.conf
+```
+```
+daml ledger upload-dar --host localhost --port 6865 --access-token-file m2m-access.token .daml/dist/daml-with-auth-0.0.1.dar
+```
+```
+daml script --dar .daml/dist/daml-with-auth-0.0.1.dar --script-name Test:allocateParties --access-token-file m2m-access.token --ledger-host localhost --ledger-port 6865
+```
+```
+daml ledger list-parties --host localhost --port 6865 --access-token-file m2m-access.token
+```
+```
+token : {"admin": true, "actAs": ["Alice::1220dcfdf8c383f01ecc8a1d0147ec5ef58cfa1939736da62bbecc774e836b50a8bc", "Bob::1220dcfdf8c383f01ecc8a1d0147ec5ef58cfa1939736da62bbecc774e836b50a8bc"]}
+```
\ No newline at end of file
diff --git a/auth.conf b/auth.conf
new file mode 100644
index 0000000..5170820
--- /dev/null
+++ b/auth.conf
@@ -0,0 +1,5 @@
+canton.participants.sandbox.ledger-api.auth-services = [{
+ type = jwt-rs-256-jwks
+ url = "https://dev-rphl6e3zqdlcram3.us.auth0.com/.well-known/jwks.json"
+}]
+
diff --git a/daml.yaml b/daml.yaml
new file mode 100644
index 0000000..513616c
--- /dev/null
+++ b/daml.yaml
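Review bot: The `# Local environment` group in `.gitignore` ignores `.env` and `env.sh`, but it does not cover the other places this commit expects credentials to land: the working copy made from `tokens/get_tokens.sh-template`, which takes a `client_secret`, and the bearer tokens in `tokens/*.token`. Add `tokens/get_tokens.sh` and `tokens/*.token` to that group. Because `tokens/m2m-access.token` and `tokens/navigator-access.token` are added as tracked empty files in this same commit, an ignore rule alone will not keep a filled-in token from appearing as a modification ready to be committed. Keeping the directory with a placeholder such as `tokens/.gitkeep` and leaving the token files untracked avoids that.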
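Review bot: The `url` line in `auth.conf` pins the ledger's trust anchor to one specific Auth0 dev tenant, so a sandbox started from this file unchanged accepts any RS256 token signed with that tenant's keys, including one carrying `"admin": true` as in the README example. `env.sh-template` already has an `AUTH0_DOMAIN` placeholder; ship this file as a template in the same way, or at least add `# Replace with your own tenant: https://<AUTH0_DOMAIN>/.well-known/jwks.json` above the `url` line. The block sets only `type` and `url`, so as far as this hunk shows nothing restricts the audience a token was issued for. If the Canton release in use offers an audience or scope restriction on the auth service, it is worth setting.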
@@ -0,0 +1,8 @@
+sdk-version: 2.5.0
+name: daml-with-auth
+source: daml
+version: 0.0.1
+dependencies:
+ - daml-prim
+ - daml-stdlib
+ - daml-script
diff --git a/daml/Main.daml b/daml/Main.daml
new file mode 100644
index 0000000..37738c6
--- /dev/null
+++ b/daml/Main.daml
@@ -0,0 +1,23 @@
+module Main where
+
+template Agreement
+ with
+ proposer: Party
+ counterparty: Party
+ payload: Text
+ where
+ signatory proposer, counterparty
+
+template Proposal
+ with
+ proposer: Party
+ counterparty: Party
+ payload: Text
+ where
+ signatory proposer
+ observer counterparty
+
+ choice Accept : ContractId Agreement
+ controller counterparty
+ do
+ create Agreement with ..
\ No newline at end of file
diff --git a/daml/Test.daml b/daml/Test.daml
new file mode 100644
index 0000000..8cb8cb4
--- /dev/null
+++ b/daml/Test.daml
@@ -0,0 +1,21 @@
+module Test where
+
+import Daml.Script
+
+import Main (Proposal(..), Accept(..))
+
+allocateParties : Script((Party, Party))
+allocateParties = script do
+ proposer <- allocatePartyWithHint "proposer" (PartyIdHint "proposer")
+ counterparty <- allocatePartyWithHint "counterparty" (PartyIdHint "counterparty")
+
+ return (proposer, counterparty)
+
+testIt : Script ()
+testIt = script do
+ (proposer, counterparty) <- allocateParties
+ let payload = "rent agreement"
+ proposalCid <- submit proposer do createCmd Proposal with ..
+ agrCid <- submit counterparty do exerciseCmd proposalCid Accept
+
+ pure ()
\ No newline at end of file
diff --git a/env.sh-template b/env.sh-template
new file mode 100644
index 0000000..6ae28c4
--- /dev/null
+++ b/env.sh-template
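Review bot: Neither template in `daml/Main.daml` stops `proposer` and `counterparty` from being the same party, so one party can create a `Proposal` to itself and exercise `Accept`, ending with an `Agreement` that only a single party ever authorized. Add `ensure proposer /= counterparty` to the `where` block of both `Proposal` and `Agreement`. The templates and the choice also carry no doc comments; a line such as `-- | Archives the proposal and creates the Agreement signed by both parties.` above `choice Accept` would state the intent.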
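Review bot: `allocateParties` in `daml/Test.daml` uses the fixed hints `PartyIdHint "proposer"` and `PartyIdHint "counterparty"`, and the README runs it against the long-lived sandbox on port 6865. A second run, or a run of `testIt` (which calls `allocateParties` again), is therefore expected to fail because those party ids are already taken. Either look the parties up first with `listKnownParties` and allocate only when missing, or use plain `allocateParty` inside `testIt`. In `testIt` the result `agrCid` is bound and never used; `_ <- submit counterparty do exerciseCmd proposalCid Accept` makes that explicit. The README's sample token names `Alice` and `Bob` while this script allocates `proposer` and `counterparty`, which makes the `actAs` example hard to reproduce.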
@@ -0,0 +1,28 @@
+# The following options relate to Auth0 setup and service credentials. Please see documentation for meaning
+# Use in auth-config.json in UI
+AUTH0_DOMAIN="-"
+AUTH0_CLIENT_ID="-"
+
+# Auth0 Service Account credentials
+
+M2M_CLIENT_ID='-'
+M2M_CLIENT_SECRET='-'
+
+NAVIGATOR_CLIENT_ID='-'
+NAVIGATOR_CLIENT_SECRET='-'
+
+TRIGGER_CLIENT_ID='-'
+TRIGGER_CLIENT_SECRET='-'
+
+# Minimal token for JSON API - public rights only to retrieve DAML Packages
+JSON_CLIENT_ID='-'
+JSON_CLIENT_SECRET='-'
+
+ALICE_CLIENT_ID='-'
+ALICE_CLIENT_SECRET='-'
+
+BOB_CLIENT_ID='-'
+BOB_CLIENT_SECRET='-'
+
+LEDGER_ID="sandbox"
+
diff --git a/tokens/get_tokens.sh-template b/tokens/get_tokens.sh-template
new file mode 100644
index 0000000..07cb97e
--- /dev/null
+++ b/tokens/get_tokens.sh-template
@@ -0,0 +1,4 @@
+curl -v --request POST \
+ --url https://dev-rphl6e3zqdlcram3.us.auth0.com/oauth/token \
+ --header 'content-type: application/json' \
+ --data "{ \"client_id\": \"\", \"client_secret\": \"\", \"audience\": \"https://daml.com/ledger-api\", \"grant_type\": \"client_credentials\" }"
diff --git a/tokens/m2m-access.token b/tokens/m2m-access.token
new file mode 100644
index 0000000..e69de29
diff --git a/tokens/navigator-access.token b/tokens/navigator-access.token
new file mode 100644
index 0000000..e69de29
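Review bot: `tokens/get_tokens.sh-template` leaves `client_id` and `client_secret` as empty strings inside the `--data` argument and hard-codes the tenant host, so the working copy ends up with the secret pasted into the script and passed on the curl command line, where other local users can read it from the process list. `env.sh-template` already defines `AUTH0_DOMAIN`, `M2M_CLIENT_ID` and `M2M_CLIENT_SECRET`; reading those and sending the body on stdin keeps the secret out of both the file and argv. Dropping `-v` and adding `--fail` makes a rejected request exit non-zero, which matters if the output is redirected into one of the `.token` files. The rewritten command follows and assumes `env.sh` has been sourced first.

```shell
# assumes env.sh has been sourced: AUTH0_DOMAIN, M2M_CLIENT_ID, M2M_CLIENT_SECRET
curl --silent --show-error --fail --request POST \
  --url "https://${AUTH0_DOMAIN}/oauth/token" \
  --header 'content-type: application/json' \
  --data @- <<EOF
{ "client_id": "${M2M_CLIENT_ID}", "client_secret": "${M2M_CLIENT_SECRET}", "audience": "https://daml.com/ledger-api", "grant_type": "client_credentials" }
EOF
```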