Sandrino Di Mattia sandrinodimattia Auth0 Belgium, Brussels http://sandrinodimattia.net

auth0/nextjs-auth0 469

Next.js SDK for signing in with Auth0 (Experimental)

auth0/node-jwks-rsa 469

A library to retrieve RSA public keys from a JWKS (JSON Web Key Set) endpoint.

auth0/auth0-deploy-cli 115

A node CLI that can be used to easily integrate configuration deploy with your build scripts.

auth0/auth0-authorization-extension 67

Auth0 Extension that adds authorization features to your account

auth0/auth0-ldap-endpoint 18

[DEPRECATED] An LDAP server that allows you to connect your legacy applications with Auth0 using the LDAP protocol.

auth0-samples/auth0-api-auth-samples 18

Seed projects for API Authentication and Authorization

auth0-extensions/auth0-user-import-export-extension 6

Extension that allows you to import/export users from your Auth0 account

sandrinodimattia/auth-protocol-debugger 6

A debugger for SAML/WS-Federation/OIDC/OAuth2 responses

auth0/auth0-authentication-api-webhooks 3

This webtask allows you to define webhooks for Auth0's Authentication API. It will go through the audit logs and call a webhook for specific events.

started preactjs/wmr

started time in an hour

started baryon/tracer

started time in 2 hours

create branch auth0/node-jwks-rsa

branch : getKeysInterceptor

created branch time in 5 hours

issue opened auth0/nextjs-auth0

Guidance on how to utilize the `tokenCache` with external APIs _WITHOUT_ proxying your calls through NextJS api routes


Describe the problem you'd like to have solved

The guidance that is provided in the documentation states that it is a common pattern to proxy any external API requests that require authorization headers or access tokens in some form, through the NextJS provided API mechanisms. This is totally fine, but with a large external API, that would ostensibly require you to re-write that API. In all honesty, I'd like to avoid doing that.

I want to still be able to use the tokenCache on the client to only fetch new tokens based upon life, refresh rotation, etc... but the only way that I see right now is, on every API call, fetch the token using the api/token endpoint and then stuff that token in the headers of the client-side request.

To me, that doesn't seem like the most optimal solution since every client-side request is going to have to fetch a token from the node server and then fetch the data from the external api; 2 round trips

Describe the ideal solution

I'm wondering if there is any official guidance on how to go about using the NextJS Auth0 package on the client-side? That would specifically alleviate the need to re-write any external endpoints, just for the sake of using the server-side tokenCache.

Alternatives and current work-arounds


  1. The first thing that came to mind is to use the auth0/nextjs-auth0 package to manage sign-in, sign-out, and the callback, and then on the client, use the auth0/auth0-spa-js package separately. I think it's kind of clunky and would add weight to the client-side package.
  2. The second thought that I had was to implement a client-side cache that kind of mimics the mechanisms used in the next-js package, but I fear that this is only going to be re-creating the wheel.

created time in 6 hours

push event auth0/nextjs-auth0

adamjmcgrath

commit sha df1f8a50de8181ca8f43f170394242b63528f75c

Fix examples


push time in 6 hours

pull request comment auth0/jwt-decode

Add common types to JWT playload.

No probs thanks 👍 already done.

xsv24

comment created time in 7 hours

push event auth0/nextjs-auth0

adamjmcgrath

commit sha 9f4b59baf685272b1612024a67d041d19349fba6

createHandlers -> handleAuth for consistency with other handlers


push time in 7 hours

PR closed auth0/jwt-decode

Add common types to JWT playload.

By submitting a PR to this repository, you agree to the terms within the Auth0 Code of Conduct. Please see the contributing guidelines for how to create and submit a high-quality PR for this repo.

Description

Add common JWT properties to JWTPayload following IANA Claims.

Testing

All added types are optional and have no impact on tests.

Checklist

  • [] I have added documentation for new/changed functionality in this PR or in auth0.com/docs
  • [x] All active GitHub checks for tests, formatting, and security are passing
  • [x] The correct base branch is being used, if not master
+38 -1

1 comment

2 changed files

xsv24

pr closed time in 8 hours

pull request comment auth0/jwt-decode

Add common types to JWT playload.

Thanks for this pull request! I'm not going to merge this as the claims you added are not a part of the registered claims and out of scope for this library.

You can overwrite the JwtPayload in your own project if you want to check for these claims. eg

```ts
import { JwtPayload } from "jwt-decode";

interface Payload extends JwtPayload {
  nonce?: string;
  acr?: string;
  amr?: AMR[];
  at_hash?: string;
  updated_at?: string;
  name?: string;
  given_name?: string;
  nickname?: string;
  picture?: string;
  email?: string;
  email_verified?: boolean;
}
```

xsv24

comment created time in 8 hours

PR opened auth0/jwt-decode

Add common types to JWT playload.

By submitting a PR to this repository, you agree to the terms within the Auth0 Code of Conduct. Please see the contributing guidelines for how to create and submit a high-quality PR for this repo.

Description

Add common JWT type to JWTPayload following iana.org/assignments/jwt/jwt.xhtml#claims.

Testing

All added types are optional and have no impact on tests.

Checklist

  • [] I have added documentation for new/changed functionality in this PR or in auth0.com/docs
  • [x] All active GitHub checks for tests, formatting, and security are passing
  • [x] The correct base branch is being used, if not master
+38 -1

0 comment

2 changed files

pr created time in 8 hours

PR opened auth0/nextjs-auth0

Add recipes for common Next.js auth scenarios

Description

A long list of common recipes for using Auth0 with Next.js (using this library and https://github.com/auth0/auth0-react)

+481 -0

0 comment

1 changed file

pr created time in 9 hours

create branch auth0/nextjs-auth0

branch : recipes

created branch time in 9 hours

PR closed auth0/node-samlp

Vrkkap xmldom upstream update

Updated xmldom installation to correct format. https://stackoverflow.com/a/60268272/5140453

+8 -12

0 comment

2 changed files

RopoMen

pr closed time in 14 hours

PR opened auth0/node-samlp

Vrkkap xmldom upstream update

Updated xmldom installation to correct format. https://stackoverflow.com/a/60268272/5140453

+8 -12

0 comment

2 changed files

pr created time in 14 hours

pull request comment auth0/node-jwks-rsa

Add functionality to allow directly provided jwt keysets

@davidpatrick do you have an ETA for this release?

thepieterdc

comment created time in 17 hours

fork eatplaysleep/use-auth0-hooks

An easy way to sign in with Auth0 in your React application (client-side) using React Hooks

https://nextjs-spa-auth0-demo.now.sh/

fork in a day

started codex-team/editor.js

started time in a day

created repository johnlindquist/.js

created time in a day

pull request comment auth0/ad-ldap-connector

Improve LDAP heartbeat search query and introduced LDAP_HEARTBEAT_SEARCH_QUERY configuration

The fix is included in new connector release 6.1.1 - https://cdn.auth0.com/connector/windows/latest.json

siacomuzzi

comment created time in a day

created tag auth0/ad-ldap-connector

tag v6.1.1

Auth0 AD and LDAP connector

created time in a day

issue opened auth0/nextjs-auth0

Documentation on how to refresh the user

Describe the problem you'd like to have solved

This library seems to have support for refresh tokens, but there aren't any examples on how to use this token to refresh the user session. Once the token expires, the user is currently invalid until they visit the /api/login endpoint again.

Describe the ideal solution

Documentation or example on how to use the refresh token.

created time in a day

started lovell/sharp

started time in a day

PR opened auth0/nextjs-auth0

Set session handler

Description

This PR adds a new setSession: (req: NextApiRequest, res: NextApiResponse, tokenSetParameters: TokenSetParameters) method to the SDK for setting the session with a new token set.

This is useful for example if you need interoperability between @auth0/nextjs-auth0 and an existing legacy sign up endpoint which uses the password grant type for silent authentication.

If you want to expose a route which creates a new user and then silently authenticates them (eg: /pages/api/signup.js):

```js
// Importing the `auth0` package to use the password grant type
import { AuthenticationClient } from 'auth0';
import auth0 from '../../utils/auth0';
import { createUserInUpstreamService } from '../../utils/signup';

const auth0AuthClient = new AuthenticationClient({
  domain: process.env.NEXT_PUBLIC_AUTH0_DOMAIN,
  clientId: process.env.NEXT_PUBLIC_AUTH0_CLIENT_ID,
  clientSecret: process.env.AUTH0_CLIENT_SECRET
});

export default async function signup(req, res) {
  try {
    // POST http://api.acme.com/signup will create
    // the user in the ACME database and in Auth0
    await createUserInUpstreamService(req.body);

    // Once the user is created successfully then silently authenticate
    // them using the password grant type
    const tokens = await auth0AuthClient.oauth.passwordGrant({
      username: req.body.username,
      password: req.body.password,
      scope: 'openid profile email offline_access'
    });

    // Set the session with the tokens from the password grant
    await auth0.setSession(req, res, tokens);

    res.status(201).end();
  } catch (error) {
    console.error(error);
    res.status(error.status || 500).end(error.message);
  }
}
```

NOTE: For the above example to work you will need to enable the password grant type on your Auth0 client application settings dashboard.

References

Auth0 community issue link - https://community.auth0.com/t/silent-auto-login-for-user-after-completing-authentication-api-backed-custom-signup-form/29790

Other related community link - https://community.auth0.com/t/custom-auth0-log-in-sign-up-flow/47685

Testing

To test this functionality set up an example project and run the setSession method, following the example given in the README and PR description.

Run npm test

Run the following to test the changes build correctly

```sh
npm run clean
npm run lint
npm run build
```

  • [x] This change adds test coverage for new/changed/fixed functionality

Checklist

  • [x] I have added documentation for new/changed functionality in this PR or in auth0.com/docs
  • [ ] All active GitHub checks for tests, formatting, and security are passing
  • [x] The correct base branch is being used, if not master
+160 -0

0 comment

7 changed files

pr created time in a day

issue comment auth0-samples/auth0-ionic4-samples

Ionic + Capacitor = Incompatible? (First Party Consent)

@ntziolis If you are willing to share your end to end solution that would be great, we are definitely interested in that. Thanks!

ntziolis

comment created time in a day

Pull request review comment auth0-samples/auth0-aspnet-owin-mvc-samples

Update startup.cs

 public void Configuration(IAppBuilder app)                 {                     NameClaimType = "name"                 },-+                +                // SameSiteCookieManager is not a built in constructor but is a separate class created as part of the demo
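
Review bot: The added comment at the end of this hunk calls SameSiteCookieManager "not a built in constructor" while also describing it as a separate class, so the wording is inconsistent. Suggest "not a built-in class" and naming the file in the sample where the class is defined, so a reader of Startup.cs can find it.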

Hi Frederik,

Yes, that makes more sense :) I just put it there because the customer pointed that out. I think that it will be helpful if we mention it somewhere. Thank you!

lilyayala

comment created time in a day

fork shiftkey/typescript-eslint

:sparkles: Monorepo for all the tooling which enables ESLint to support TypeScript

https://typescript-eslint.io

fork in a day

PR closed auth0/ad-ldap-connector

Avoid uncaughtException in troubleshoot.js when res is undefined

When testing connectivity to Auth0, if the script is unable to reach the test endpoint, then res will be undefined, and the attempt to log res.statusCode results in an uncaughtException. In consequence, the troubleshooting won't be completed successfully.

This PR makes sure to check for res before attempting to log res.statusCode.

+2 -1

1 comment

1 changed file

virtualizedMo

pr closed time in a day

pull request commentauth0/ad-ldap-connector

Avoid uncaughtException in troubleshoot.js when res is undefined

The issue is fixed, thanks for the PR.

virtualizedMo

comment created time in a day

push event auth0/ad-ldap-connector

Sebastian Iacomuzzi

commit sha df4fe49a073eb1c8cdfcb62bb447c199bce5cf41

[ESD-10286] improve LDAP heartbeat search query Current query is too general and might cause timeout issues. This PR replaces it with a valid query that returns no results (or in the worst case, a small number of entries).


Sebastian Iacomuzzi

commit sha 63e821c1ceec089c0491a60fbfd5208456973f28

6.1.1


Sebastian Iacomuzzi

commit sha ce7fd6888ffed6a2f0a252028e6089e9e443bdc4

fix crypto tests mockNconf was ignored


madhu.sharma

commit sha ae3978be8091f4be6d92833142deff4849b596a6

configure heartbeat search query and constraint the search under base dn


madhu.sharma

commit sha 03a73ae2024f66fcfc60a8f30f436fb7985f69b1

remove sizeLimit


Madhu

commit sha b9867e885b7630a2d2a7608b8a8b351b5dcbe8f4

update to change log


Madhu

commit sha 2f323447f5c5ecc010a98a468eb07475e9604558

Merge pull request #183 from auth0/improve_heartbeat Improve LDAP heartbeat search query and introduced LDAP_HEARTBEAT_SEARCH_QUERY configuration


push time in a day

PR merged auth0/ad-ldap-connector

Improve LDAP heartbeat search query and introduced LDAP_HEARTBEAT_SEARCH_QUERY configuration

Current heartbeat query is too general and might cause timeout issues. This PR replaces it with a valid default query (which can be overridden) that returns no results (or in the worst case, it will return a small number of entries).

Changes:

  • Configurable heartbeat search query
  • Constrained heartbeat search to base dn

TODO(will be done after this PR merge): Add documentation about new config - https://auth0.com/docs/extensions/ad-ldap-connector/ad-ldap-connector-config-file-schema

+45 -39

2 comments

5 changed files

siacomuzzi

pr closed time in a day
