1.0.2 • Published 6 years ago
require-auth v1.0.2
require-auth
Express middleware
Pre
To fully use this package we need to validate a JSON Web Token (JWT) See https://auth0.com/docs/quickstart/backend/nodejs
We also need to add custom claims to your Access Token (or ID Token) using Auth0 Rules. See: https://auth0.com/docs/tokens/access-token#add-custom-claims
Init
require-auth init must be run after a jwt token i validated.
In server.js
const express = require('express');
const bodyParser = require('body-parser');
const app = express();
const requireAuth = require('require-auth');
// See https://auth0.com/docs/quickstart/backend/nodejs
const jwtCheck = require('path/your-jwtCheck');
// Before routes
app.use(jwtCheck);
// In auth0 you can add metadata to your tokens
// See https://auth0.com/docs/tokens/access-token#add-custom-claims
// Add roles and permissions to request obj
app.use(requireAuth.init('https://yourNamespace.com'));
// Rest of code
...Usage
Now we can use require-auth in our router file
const express = require('express');
const router = express.Router();
const requireAuth = require('require-auth');
router.get('/users', requireAuth.permission('users:read'), (req, res) => {
res.status(200).send("You have the users:read access!");
return;
});
router.get('/users', requireAuth.role('admin'), (req, res) => {
res.status(200).send("You have access through admin role!");
return;
});