@redwoodjs/auth-auth0-web
If you want to contribute a new auth provider integration we recommend you start by implementing it as a custom auth provider in a Redwood App first. When that works you can package it up as an npm package and publish it on your own. You can then create a PR on this repo with support for your new auth provider in our yarn rw setup auth CLI command. The easiest option is probably to just look at one of the existing auth providers in packages/cli/src/commands/setup/auth/providers and the corresponding templates in ../templates.

If you need help setting up a custom auth provider you can read the auth docs on the web.

If you want to contribute to our auth implementation, the interface towards both auth service providers and RW apps, we recommend you start looking in authFactory.ts and then continue to AuthProvider.tsx. AuthProvider.tsx has most of our implementation together with all the custom hooks it uses. Another file to be familiar with is AuthContext.ts. The interface in there has pretty good code comments, and is what will be exposed to RW apps.

getCurrentUser returns the user information together with an optional collection of roles used by requireAuth() to check if the user is authenticated or has role-based access.

Use in conjunction with requireAuth in your services to check that a user is logged in, whether or not they are assigned a role, and optionally raise an error if they're not.

@param decoded - The decoded access token containing user info and JWT claims like `sub`
@param { token, SupportedAuthTypes type } - The access token itself as well as the auth provider type
@param { APIGatewayEvent event, Context context } - An object which contains information from the invoker such as headers and cookies, and the context information about the invocation such as IP Address

This example is the standard use of getCurrentUser.

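// The variants below are alternatives; an app defines only one of them.
import { parseJWT } from '@redwoodjs/api'
import { db } from 'src/lib/db'

// Standard use: decoded token plus the roles parsed from its claims.
export const getCurrentUser = async (
  decoded,
  { _token, _type },
  { _event, _context },
) => {
  return { ...decoded, roles: parseJWT({ decoded }).roles }
}

// Look up the user record by the email claim.
export const getCurrentUser = async (decoded) => {
  return await db.user.findUnique({ where: { email: decoded.email } })
}

// Return the decoded token as the current user, without roles.
export const getCurrentUser = async (decoded) => {
  return { ...decoded }
}

// Decoded token plus the roles parsed from its claims.
export const getCurrentUser = async (decoded) => {
  return { ...decoded, roles: parseJWT({ decoded }).roles }
}

// User record looked up by email, with roles read from namespaced claims.
// NAMESPACE is the app's custom-claim namespace, defined elsewhere.
export const getCurrentUser = async (decoded) => {
  const currentUser = await db.user.findUnique({
    where: { email: decoded.email },
  })
  return {
    ...currentUser,
    roles: parseJWT({ decoded: decoded, namespace: NAMESPACE }).roles,
  }
}

// User record looked up by the `sub` claim, with roles from the token.
const getCurrentUser = async (decoded) => {
  const currentUser = await db.user.findUnique({
    where: { userIdentity: decoded.sub },
  })
  return {
    ...currentUser,
    roles: parseJWT({ decoded: decoded }).roles,
  }
}

// Cookie-based session lookup; uses the `cookie` npm package to parse the header.
import cookie from 'cookie'

const getCurrentUser = async (_decoded, _raw, { event, _context }) => {
  // The request header is named `cookie`; default to '' when it is absent.
  const cookies = cookie.parse(event.headers.cookie ?? '')
  const session = cookies['my.cookie.name']
  const currentUser = await db.sessions.findUnique({ where: { id: session } })
  return currentUser
}
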
Use requireAuth in your services to check that a user is logged in, whether or not they are assigned a role, and optionally raise an error if they're not.

@param {string=} roles - An optional role or list of roles
@param {string[]=} roles - An optional list of roles
@returns {boolean} - If the currentUser is authenticated (and assigned one of the given roles)
@throws {AuthenticationError} - If the currentUser is not authenticated
@throws {ForbiddenError} - If the currentUser is not allowed due to role permissions

requireAuth()
requireAuth({ role: 'admin' })
requireAuth({ role: ['editor', 'author'] })
requireAuth({ role: ['publisher'] })
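
The following is an added example, not Redwood's own code: a self-contained sketch of how the object returned by getCurrentUser drives the requireAuth checks described above, including a malformed roles claim that must grant nothing. The error classes, extractRoles, userFromClaims, check, the NAMESPACE value and the sample tokens are all assumptions made for the illustration; extractRoles is a simplified stand-in for parseJWT, and requireAuth takes the user as an argument here.

```javascript
// Added example: simplified stand-ins, not Redwood's own implementation.
class AuthenticationError extends Error {}
class ForbiddenError extends Error {}

// Constructed namespace for custom claims (an assumption of this example).
const NAMESPACE = 'https://example.com'

// Normalise a roles claim to an array; a malformed claim grants no roles.
const extractRoles = (decoded, namespace) => {
  const claim = decoded[`${namespace}/roles`] ?? decoded.roles
  if (typeof claim === 'string') return [claim]
  return Array.isArray(claim) ? claim.filter((r) => typeof r === 'string') : []
}

// Build the object requireAuth inspects: identity plus a roles array.
const userFromClaims = (decoded) => {
  if (!decoded || !decoded.sub) return null // no identity, no current user
  return { ...decoded, roles: extractRoles(decoded, NAMESPACE) }
}

// Same shape as the getCurrentUser variants on this page.
const getCurrentUser = async (decoded) => userFromClaims(decoded)

// Accepts one role or a list, like the requireAuth calls on this page.
const requireAuth = (currentUser, { role } = {}) => {
  if (!currentUser) throw new AuthenticationError('Not authenticated')
  if (role !== undefined) {
    const wanted = Array.isArray(role) ? role : [role]
    if (!wanted.some((r) => currentUser.roles.includes(r))) {
      throw new ForbiddenError('Missing required role')
    }
  }
  return true
}

// Constructed decoded tokens for the demonstration.
const editorToken = { sub: 'auth0|123', [`${NAMESPACE}/roles`]: ['editor'] }
const malformedToken = { sub: 'auth0|456', roles: { admin: true } }

// Returns 'ok', or the name of the error class that requireAuth raised.
const check = (decoded, options) => {
  try {
    requireAuth(userFromClaims(decoded), options)
    return 'ok'
  } catch (e) {
    return e.constructor.name
  }
}
```

The malformed token still authenticates, because it carries a `sub`, but its object-valued roles claim is normalised to an empty list, so every role-restricted check fails closed.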
The npm package @redwoodjs/auth-auth0-web receives a total of 2,705 weekly downloads. As such, @redwoodjs/auth-auth0-web popularity was classified as popular.
We found that @redwoodjs/auth-auth0-web demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.