The plugin currently expects the user's access token (shown as "UsersAccessToken") in the authorization header of the incoming request, in the following format:
{
  "authorization": "Bearer UsersAccessToken"
}
There are two main ways to use this plugin:
1. Use protectedPaths to deny access to certain paths.
2. Use it only to validate and decode the token, then use the decoded token (available as ctx.token) to control access with another plugin such as nexus-plugin-shield.
The decoded token will be added to Nexus Context under ctx.token, which has the following type:
type DecodedAccessToken = {
  iss: string
  sub: string
  aud: string[]
  iat: number
  exp: number
  azp: string
  scope: string
}

// ctx.token
type ContextToken = DecodedAccessToken | null
Examples
Protected Paths
If protectedPaths is passed, then only valid access tokens will be allowed to access these paths:
import { use } from 'nexus'
import { auth } from 'nexus-plugin-auth0'

use(
  auth({
    auth0Audience: 'nexus-plugin-auth0',
    auth0Domain: 'graphql-nexus.eu.auth0.com',
    protectedPaths: ['Query.posts'],
  })
)
Usage with nexus-plugin-shield
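In this mode the plugin does not deny access to any path. The decoded token is added to ctx only if the token is validated, so ctx.token (typed DecodedAccessToken | null) must be checked before it is trusted. The token can then be used by nexus-plugin-shield to control access.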
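
Because the plugin does not deny anything in this mode, the access decision has to come from the rule that reads ctx.token. The following is an added example, not code from nexus-plugin-auth0 or nexus-plugin-shield: a deny-by-default scope check suitable for the body of such a rule. The helper names, the 'read:posts' scope and the sample tokens are assumptions made for illustration.

```typescript
// Shape of ctx.token, copied from the type shown above.
type DecodedAccessToken = {
  iss: string
  sub: string
  aud: string[]
  iat: number
  exp: number
  azp: string
  scope: string
}
type ContextToken = DecodedAccessToken | null

// Hypothetical helper: true only when a validated token is present and
// grants every required scope. The scope claim is a space-delimited string
// (OAuth 2.0), so compare whole entries; a substring test would let
// "read:posts-archive" satisfy "read:posts".
function hasScopes(token: ContextToken, required: string[]): boolean {
  if (token === null) return false // no valid token: deny by default
  const granted = new Set(token.scope.split(' ').filter((s) => s.length > 0))
  return required.every((s) => granted.has(s))
}

// Constructed sample tokens (not real Auth0 output).
const sampleToken: DecodedAccessToken = {
  iss: 'https://example.invalid/',
  sub: 'auth0|constructed-user',
  aud: ['nexus-plugin-auth0'],
  iat: 1700000000,
  exp: 1700003600,
  azp: 'constructed-client-id',
  scope: 'openid read:posts-archive',
}
const readerToken: DecodedAccessToken = { ...sampleToken, scope: 'openid read:posts' }

// Body of a rule guarding Query.posts; 'read:posts' is a made-up scope name.
function canReadPosts(ctx: { token: ContextToken }): boolean {
  return hasScopes(ctx.token, ['read:posts'])
}
```

A rule built on canReadPosts rejects requests with no token, with an invalid token (ctx.token is null), and with a valid token that lacks the exact scope.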