Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
auth0-ext-compilers
Advanced tools
auth0-ext-compilers - npm Package Compare versions
Comparing version 1.0.0 to 2.0.0
@@ -14,3 +14,6 @@ exports['credentials-exchange'] = authorize_and_process_body; | ||
| function is_authorized(ctx, cb) { | ||
| if (ctx.secrets && ctx.secrets['auth0-extension-secret'] && (!ctx.query || ctx.secrets['auth0-extension-secret'] !== ctx.query['auth0-extension-secret'])) { | ||
| if (ctx.secrets && ctx.secrets['auth0-extension-secret']) { | ||
| // Authorization is required, enforce | ||
| var match = (ctx.headers['authorization'] || '').trim().match(/^bearer (.+)$/i); | ||
| if (match && match[1] === ctx.secrets['auth0-extension-secret']) return true; | ||
| cb(new Error('Not authorized')); | ||
@@ -17,0 +20,0 @@ return false; |
@@ -8,3 +8,3 @@ { | ||
| }, | ||
| "version": "1.0.0", | ||
| "version": "2.0.0", | ||
| "description": "Webtask compilers for Auth0 platform extensibility points", | ||
@@ -11,0 +11,0 @@ "engines": { |
@@ -5,2 +5,4 @@ This repository contains [webtask compilers](https://webtask.io/docs/webtask-compilers) that enable custom programming models for Auth0 platform extensibility points. | ||
| ## Creating Auth0 extensions with *wt-cli* | ||
| To create a webtask that implements a specific extensibility point, you can use the `wt-cli` tool or a corresponding webtask API call. For example, to create a *credentials-exchange* extension you could call: | ||
@@ -25,1 +27,69 @@ | ||
| ``` | ||
| ## What is Auth0 extension | ||
| Auth0 extension is a webtask created in the Auth0 tenant's webtask container and associated with specific metadata properties as outlined in the table below. | ||
| | Name | Required? | Value | | ||
| | --- | --- | --- | | ||
| | `auth0-extension` | Yes | Must be set to `runtime`. | | ||
| | `auth0-extension-name` | Yes | The name of the extensibility point in Auth0. This is used by Auth0 to select the set of webtasks to run in a specific place and circumstances of Auth0 processing. Currently only the value of `credentials-exchange` is supported but the list will grow as we add new extension points. | | ||
| | `auth0-extension-client` | No | Auth0 extension points which only wish to execute extensions configured for a particular client_id will use this value to select the webtasks that should be run. | | ||
| | `auth0-extension-disabled` | No | If set, disables the webtask. | | ||
| | `auth0-extension-order` | No | Webtasks selected to run for a given extension point in Auth0 will be sorted following an increasing order of this numeric metadata property. If not specified, `0` is assumed. Order of webtasks with the same value of `auth0-extension-order` is indeterministic. | | ||
| | `auth0-extension-no-cache` | No | If set, prevents caching of webtask code at runtime. Useful during development. | | ||
| | `auth0-extension-secret` | No | Used to authorize calls from Auth0 to Webtasks. See below. | | ||
| ## Authorization | ||
| Auth0 extensions are executed by issuing an HTTP POST request to the webtask URL from Auth0 runtime. To ensure only Auth0 runtime and/or a specific Auth0 tenant can issue such requests, the requests use a secret-based authorization mechanism. If an extension webtask has been created with `auth0-extension-secret` secret parameter, the value of that parameter MUST equal to the value of the `auth0-extension-secret` URL query parameter of the HTTP POST request. To allow Auth0 runtime to add the necessary URL query paramater to the webtask request it is making, the same secret value is stored in the `auth0-extension-secret` metadata property. This setup can be achieved with the following: | ||
| ```bash | ||
| SECRET=$(openssl rand 32 -base64) && \ | ||
| wt create {file}.js \ | ||
| --meta wt-compiler=auth0-ext-compilers/{specific-compiler} \ | ||
| --meta auth0-extension-secret=$SECRET \ | ||
| --secret auth0-extension-secret=$SECRET \ | ||
| ... | ||
| ``` | ||
| The authorization check is implemented as part of the webtask compiler for a specific extensibility point - see next section. | ||
| ## Custom programming models | ||
| Different Auth0 extensibility points may present unique programming models to the end user with the use of [webtask compilers](https://webtask.io/docs/webtask-compilers). Webtask compilers for Auth0 extensibility points are implemented as part of this repository which is installed as a Node.js module in the webtask environment. This allows the use of `wt-compiler` metadata property to select a specific compiler, e.g. with: | ||
| ```bash | ||
| wt create {file}.js \ | ||
| --meta wt-compiler=auth0-ext-compilers/credentials-exchange \ | ||
| ... | ||
| ``` | ||
| Webtask compilers for Auth0 extension points also enforce the authorization check described in the previous section. | ||
| ### The *credentials-exchange* extensibility point | ||
| The *credentials-exchange* extensibility point allows custom code to modify the scopes and add custom claims to the tokens issued from the `POST /oauth/token` Auth0 API. The programming model for this extensibility point is as follows: | ||
| ``` | ||
| module.exports = function (ctx, cb) { | ||
| /* ctx looks like this: | ||
| { | ||
| "resource_server": "fooapi", // IN | ||
| "client": { // IN | ||
| "name": "foo Test Client", | ||
| "clientID": "dRENwUmyMvZfuC2qqWDojFvwIatLhV69", | ||
| "client_metadata": { | ||
| "foo": "bar" | ||
| }, | ||
| "tenant": "login0" | ||
| }, | ||
| "access_token": { // IN-OUT | ||
| "scopes": [], // add or modify scopes | ||
| "foo": "bar" // add custom claims to ctx.access_token | ||
| } | ||
| } | ||
| */ | ||
| cb(null, ctx); // return error or modified ctx | ||
| }; | ||
| ``` |
@@ -33,3 +33,4 @@ var assert = require('assert') | ||
| func({ | ||
| body: { foo: 'foo', bar: 'bar' } | ||
| body: { foo: 'foo', bar: 'bar' }, | ||
| headers: {} | ||
| }, function (error, data) { | ||
@@ -58,2 +59,3 @@ assert.ifError(error); | ||
| secrets: { 'auth0-extension-secret': 'foo' }, | ||
| headers: { 'authorization': 'Bearer foo' } | ||
| }, function (error, data) { | ||
@@ -81,2 +83,3 @@ assert.ifError(error); | ||
| secrets: { 'auth0-extension-secret': 'foo' }, | ||
| headers: {} | ||
| }, function (error, data) { | ||
@@ -99,3 +102,3 @@ assert.ok(error); | ||
| secrets: { 'auth0-extension-secret': 'foo' }, | ||
| query: { 'auth0-extension-secret': 'bar' }, | ||
| headers: { 'authorization': 'Bearer bar' } | ||
| }, function (error, data) { | ||
@@ -102,0 +105,0 @@ assert.ok(error); |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by52.16%
12485
- Lines of code
- increased by4.8%
131
- Number of lines in readme file
- increased by291.67%
94
No dependency changes