Web & Söhne is Austrian's leading expert in programming and implementing complex and large web projects.

@webundsoehne/nestjs-auth0-guard

Description

This is an Auth0 guard, which covers the whole integration for you.

• Implementation
• Auth0Module
• AuthGuard
• Permissions
• User

Implementation

Module: ./module.ts

  import { Module, NestModule } from '@nestjs/common'
  import { Auth0Module } from '@webundsoehne/nestjs-auth0-guard'
  import TestController from './controller'

  @Module({
    imports: [
      Auth0Module.register({
        domain: 'customer-domain.auth0.com',
        clientId: 'auth0-client-identifier',
        clientSecret: 'auth0-client-secret',
        audience: 'https://customer-domain.com',
        namespace: 'https://customer-domain.com'
      })
    ],
    controller: [
      TestController
    ]
  })
  export class Server implements NestModule {}

Controller: ./controller.ts

  import { Controller, Get, Post, UseGuards } from '@nestjs/common'
  import { AuthGuard, Auth0TokenUser, Permissions, User } from '@webundsoehne/nestjs-auth0-guard'

  @Controller('test')
  @UseGuards(AuthGuard.withPermissions(['read:test', 'save:test', 'remove:test']))
  export class TestController {
    @Permissions('read:test')
    @Get()
    getTest () {}

    @Permissions('save:test')
    @Post()
    getTest (@User() user: Auth0TokenUser) {}
  }

Auth0Module

The Auth0Module.register(options) has to be imported once in your main NestModule. It requires the configuration for communicating with Auth0.

Options:

Name	Type	Required	Description
domain	String	true	The Auth0 domain of your account's tenant
clientId	String	true	The identifier of the Auth0 client
clientSecret	String	true	The secret key of the used Auth0 client
audience	String	false	The configured audience you want to login (Fallback: http://localhost:3000)
namespace	String	false	The namespace of the JWT property names, which should be extracted to the user's object (Fallback: audience)

AuthGuard

If you want to enable the guard for a controller or method, you have to use the AutheGuard. You may use the jumper AuthGuard.withPermissions(permissions: string | string[]), which allows you to tell the guard which permissions are allowed without using the decorator.

Permissions

The Permissions(permissions: string | string[]) decorator restricts, the access to an method, to one of the set permission values.

User

The User(key?: string) decorator allows you to fetch user specific information out of the JWT payload.

Publishing

On each Git tag commit to this repo, the source-code will be automatically transpiled and published to NPM.

Stay in touch

• Author: Backend Team
• Website: Web & Söhne