Security News
cURL Project and Go Security Teams Reject CVSS as Broken
cURL and Go security teams are publicly rejecting CVSS as flawed for assessing vulnerabilities and are calling for more accurate, context-aware approaches.
auth0-extension-express-tools
Advanced tools
A set of tools and utilities to simplify the development of Auth0 Extensions with Express.
A set of tools and utilities to simplify the development of Auth0 Extensions with Epxress.
const expressTools = require('auth0-extension-express-tools');
Here's what you need to use it as an entrypoint for your Webtask:
const expressApp = require('./server');
module.exports = expressTools.createServer(function(req, config, storage) {
return expressApp(config, storage);
});
Then you can create your Express server like this:
module.exports = (config, storage) => {
// 'config' is a method that exposes process.env, Webtask params and secrets
console.log('Starting Express. The Auth0 domain which this is configured for:', config('AUTH0_DOMAIN'));
// 'storage' is a Webtask storage object: https://webtask.io/docs/storage
storage.get(function (error, data) {
console.log('Here is what we currently have in data:', JSON.stringify(data, null, 2));
});
const app = new Express();
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: false }));
...
// Finally you just have to return the app here.
return app;
};
A middleware to inject the Management API Client for Node.js on the current request:
const middlewares = require('auth0-extension-express-tools').middlewares;
const app = new Express();
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: false }));
const managementClient = middlewares.managementApiClient({
domain: config('AUTH0_DOMAIN'),
clientId: config('AUTH0_CLIENT_ID'),
clientSecret: config('AUTH0_CLIENT_SECRET')
});
app.get('/users/:id', managementClient, (req, res, next) => {
req.auth0.users.get({ id: req.params.id })
.then(user => res.json({ user }))
.catch(next);
});
A middleware to validate tokens from the Management Dashboard when installing/updating/uninstalling Extensions:
const middlewares = require('auth0-extension-express-tools').middlewares;
const app = new Express();
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: false }));
const hookValidator = middlewares.validateHookToken(config('AUTH0_DOMAIN'), config('WT_URL'), config('EXTENSION_SECRET'));
app.use(hookValidator('./extensions/on-uninstall'));
app.delete('./extensions/on-uninstall', function(req, res) {
...
});
const urlHelpers = require('auth0-extension-express-tools').urlHelpers;
// Eg: /api/run/mytenant/abc/
const basePath = urlHelpers.getBasePath(req);
// Eg: http://sandbox.it.auth0.com/api/run/mytenant/abc
const baseUrl = urlHelpers.getBaseUrl(req);
FAQs
A set of tools and utilities to simplify the development of Auth0 Extensions with Express.
The npm package auth0-extension-express-tools receives a total of 44 weekly downloads. As such, auth0-extension-express-tools popularity was classified as not popular.
We found that auth0-extension-express-tools demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 37 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
cURL and Go security teams are publicly rejecting CVSS as flawed for assessing vulnerabilities and are calling for more accurate, context-aware approaches.
Security News
Bun 1.2 enhances its JavaScript runtime with 90% Node.js compatibility, built-in S3 and Postgres support, HTML Imports, and faster, cloud-first performance.
Security News
Biden's executive order pushes for AI-driven cybersecurity, software supply chain transparency, and stronger protections for federal and open source systems.