Skip to content

Latest commit

 

History

History
131 lines (98 loc) · 2.87 KB

README.md

File metadata and controls

131 lines (98 loc) · 2.87 KB

nexus-plugin-auth0

npm npm (tag) PRs Welcome

Contents


Installation

npm install nexus-plugin-auth0

How it Works

The plugin currently expects the "UsersAccessToken" to be in the following format on the header of the incoming request.

{
  "authorization": "Bearer UsersAccessToken"
}

There are two main ways to use this plugin.

  1. Using the protectedPaths to deny access to certain paths.
  2. Using it to only validate and decode then to using the decoded token (available as ctx.token) to control access using another plugin such as nexus-plugin-sheild

The decoded token will be added to Nexus Context under ctx.token which has the following type

type DecodedAccessToken = {
  iss: string
  sub: string
  aud: string[]
  iat: number
  exp: number
  azp: string
  scope: string
}
// ctx.token
type ContextToken = DecodedAccessToken | null

Examples

Protected Paths

If protectedPaths is passed, then only valid access tokens will be allowed to access these paths

import { use } from 'nexus'
import { auth } from 'nexus-plugin-auth0'

use(
  auth({
    auth0Audience: 'nexus-plugin-auth0',
    auth0Domain: 'graphql-nexus.eu.auth0.com',
    protectedPaths: ['Query.posts'],
  })
)

Usage with nexus-plugin-shield

All paths will have the decoded token added to ctx only if the token is validated but will not deny access. The token can then be used by nexus-plugin-shield to control access.

import { use } from 'nexus'
import { auth } from 'nexus-plugin-auth0'
import { rule } from 'nexus-plugin-shield'


const isAuthenticated = rule({ cache: 'contextual' })(async (parent, args, ctx: NexusContext, info) => {
  const userId = ctx?.token?.sub
  return Boolean(userId)
})

const rules = {
  Query: {
    posts: isAuthenticated,
  },
  Mutation: {
    deletePost: isAuthenticated,
  },
}

use(
  auth({
    auth0Audience: 'nexus-plugin-auth0',
    auth0Domain: 'graphql-nexus.eu.auth0.com',
  })
)

use(
  shield({
    rules,
  })
)

Plugin Settings

type Settings = {
  auth0Domain: string
  auth0Audience: string
  protectedPaths?: string[]
  debug?: boolean
}