Only building on node 8. Not using yarn anymore
Express.js middleware designed for managing a web application's interactions with the Auth0 SDK.
```sh
npm install cimpress-express-auth0 --save
```
or
```sh
yarn add cimpress-express-auth0
```
The config object passed in must have the following sections and fields:
```js
var config = {
  secret: 'The client secret, only needed for OAuth v1',
  clientId: 'Your own client id, only needed for OAuth v1',
  domain: 'The token issuer w/o https:// or the trailing /',
  realm: 'The realm of the token, used in the challenge headers, full url (w/ https:// and trailing /)',
  jwksUrl: 'The url to retrieve the jwk from, only needed for OAuth v2',
  audience: 'The audience for the auth token',
  enableV1: 'Should auth v1 be enabled (defaults to true), not required',
  preferRequestLogger: 'Should use a logger on the request object, not required',
  excludedRoutes: [ // Optional. Routes that shouldn't be protected by Auth0
    {
      url: '/healthcheck', // Supports a regex as well
      methods: ['GET'], // Optional, if none specified then assumes all methods shouldn't use auth0
    },
  ],
};
```
This library also supports the 'express-unless' library.
You must also pass in a cache object, used only for OAuth v2, with the following two functions:
- `get(key)`: takes a string key and must return a promise that resolves to the value associated with the key.
- `set(key, value, ttl)`: takes a string key, a string value and an integer TTL; it returns nothing.
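A minimal in-memory implementation of the cache contract described above, as an added example that is not part of the library or its README. It assumes the TTL is given in seconds and that a miss resolves to `undefined`; the `MemoryCache` name and its `maxEntries` and `now` options are hypothetical.

```javascript
// Added example: in-memory cache satisfying the get/set contract.
// Assumptions (not stated by the library): TTL is in seconds, and a
// missing or expired entry resolves to undefined.
class MemoryCache {
  constructor({ maxEntries = 100, now = () => Date.now() } = {}) {
    this.maxEntries = maxEntries; // upper bound on memory use
    this.now = now;               // injectable clock, useful in tests
    this.store = new Map();       // key -> { value, expiresAt }
  }

  // Must return a promise, per the contract.
  get(key) {
    const entry = this.store.get(key);
    if (!entry) return Promise.resolve(undefined);
    if (entry.expiresAt <= this.now()) {
      // Expired: drop it so the caller fetches fresh data instead of
      // continuing to trust a stale value.
      this.store.delete(key);
      return Promise.resolve(undefined);
    }
    return Promise.resolve(entry.value);
  }

  set(key, value, ttl) {
    const seconds = Number(ttl);
    // Refuse to cache without a positive, finite TTL: an entry that never
    // expires would outlive any change made at the token issuer.
    if (!Number.isFinite(seconds) || seconds <= 0) return;
    this.store.delete(key); // re-insert so Map order tracks the latest write
    if (this.store.size >= this.maxEntries) {
      // Evict the oldest-written entry (Map iterates in insertion order).
      this.store.delete(this.store.keys().next().value);
    }
    this.store.set(key, { value, expiresAt: this.now() + seconds * 1000 });
  }
}

// In ./cache.js you would export one shared instance:
//   module.exports = new MemoryCache();
```

A cache like this is per-process; a service running several instances would back the same two functions with a shared store.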
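```js
const auth = require('cimpress-express-auth0');
const express = require('express');
const config = require('./config');
const cache = require('./cache');

const logger = console;
const app = express();

// Placeholder handler for the excluded /healthcheck route
const someHealthcheckController = (req, res) => res.sendStatus(200);

// Register routes and start listening only once the auth middleware is set up
auth(app, config, logger, cache).then(() => {
  app.get('/healthcheck', someHealthcheckController);
  app.listen(3000);
});
```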
We highly recommend against keeping values such as your secret as plain text in any configuration. Instead, you should use some kind of secure secrets manager. One recommended library is the [aws-secrets](https://github.com/Cimpress-MCP/aws-secrets) library.
We are using semantic-release with AngularJS Git Commit Message conventions. Please ensure that you use that commit message format so that publishing happens as needed. We recommend using commitizen for that.