profile
viewpoint

zxan1285/node-auth0 0

Node.js client library for the Auth0 platform.

PR opened auth0/wt-cli

Fix uncaught in wt logs --raw
+16 -10

0 comment

2 changed files

pr created time in an hour

create barnchauth0/wt-cli

branch : fix-raw-logs-uncaught

created branch time in an hour

issue openedauth0-extensions/canirequire

uuid@8.3.x

✏️ Request Form

Package info

Package Name: uuid

Package Version: 8.3.0 or 8.3.1

NPM Url: https://www.npmjs.com/package/uuid

Reason for Request

I would like this package added because uuid.validate() and uuid.parse() is only available in >= 8.3 uuid-api

created time in 5 hours

issue commentauth0/wt-cli

Uncaught error: logs.once is not a function when using --raw mode for logs

--raw continues to not work today in the current version of wt-cli

AmaanC

comment created time in 5 hours

pull request commentauth0/jwt-decode

Add common types to JWT playload.

No probs thanks 👍 already done.

xsv24

comment created time in 7 hours

PR closed auth0/jwt-decode

Add common types to JWT playload.

By submitting a PR to this repository, you agree to the terms within the Auth0 Code of Conduct. Please see the contributing guidelines for how to create and submit a high-quality PR for this repo.

Description

Add common JWT properties to JWTPayload following IANA Claims.

Testing

All added types are optional and have no impact on tests.

Checklist

  • [] I have added documentation for new/changed functionality in this PR or in auth0.com/docs
  • [x] All active GitHub checks for tests, formatting, and security are passing
  • [x] The correct base branch is being used, if not master
+38 -1

1 comment

2 changed files

xsv24

pr closed time in 7 hours

pull request commentauth0/jwt-decode

Add common types to JWT playload.

Thanks for this pull request! I'm not going to merge this as the claims you added are not a part of the registered claims and out of scope for this library.

You can overwrite the JwtPayload in your own project if you want to check for these claims. eg

import { JwtPayload } from "jwt-decode";

interface Payload extends JwtPayload {
  nonce?: string;
  acr?: string;
  amr?: AMR[];
  at_hash?: string;
  updated_at?: string;
  name?: string;
  given_name?: string;
  nickname?: string;
  picture?: string;
  email?: string;
  email_verified?: boolean;
}
xsv24

comment created time in 7 hours

PR opened auth0/jwt-decode

Add common types to JWT playload.

By submitting a PR to this repository, you agree to the terms within the Auth0 Code of Conduct. Please see the contributing guidelines for how to create and submit a high-quality PR for this repo.

Description

Add common JWT type to JWTPayload following iana.org/assignments/jwt/jwt.xhtml#claims.

Testing

All added types are optional and have no impact on tests.

Checklist

  • [] I have added documentation for new/changed functionality in this PR or in auth0.com/docs
  • [x] All active GitHub checks for tests, formatting, and security are passing
  • [x] The correct base branch is being used, if not master
+38 -1

0 comment

2 changed files

pr created time in 7 hours

issue openedauth0-extensions/canirequire

Add latest Stripe version 8

✏️ Request Form

Package info

Package Name: stripe

Package Version: 8.126.0

NPM Url: https://www.npmjs.com/package/stripe

Reason for Request

I would like this package added because I'm integrating auth0 with stripe via rules and would like to use the latest version. Thanks

created time in a day

issue closedauth0/auth0-deploy-cli

Using the deploy cli tool with proxy_url fails when the proxy is presenting it own certificate

I'm unsure it this should be placed as a feature request or as a bug. Please move it if I have placed it wrongly. I have also posted about it here: https://community.auth0.com/t/using-the-deploy-cli-tool-with-proxy-url-fails-when-the-proxy-is-presenting-it-own-certificate/52566

Description

When using proxy_url and the proxy is doing ssl-inspection and presenting its own certificate a0deploy fails with:

2020-11-02T09:17:16.758Z - debug: Start command export
2020-11-02T09:17:18.226Z - error: Problem running command export
2020-11-02T09:17:18.227Z - error: unable to get local issuer certificate
2020-11-02T09:17:18.228Z - debug: APIError: unable to get local issuer certificate

Reproduction

Use a proxy the replaces the auth0.com certificate with a new certificate signed by the proxy CA and use the a0deploy tool with proxy_url.

Environment

node --version: v14.15.0 a0deploy.cmd --version: 5.2.1

closed time in 2 days

enemarke

issue commentauth0/auth0-deploy-cli

Using the deploy cli tool with proxy_url fails when the proxy is presenting it own certificate

Hi, @enemarke,

In order to connect to Auth0 servers in a secured fashion via HTTPS, the clients (including deploy-cli) need to be able to validate the server's identity, which is ensured by the server providing a validate and matching CA. Putting in between deploy-cli and the Auth0 server with a proxy with self-signed CA and terminating the TLS connection isn't different from a MITM attack. In order to protect our customers, such intended use will not be support and indeed the described behavior is part of the security measures by design.

Thanks for the report and I'll be closing this issue.

Best regards, Shu

enemarke

comment created time in 2 days

issue openedauth0/auth0-deploy-cli

Keyword replace mappings are not working custom html pages

Please do not report security vulnerabilities here. The Responsible Disclosure Program details the procedure for disclosing security issues.

Thank you in advance for helping us to improve this library! Please read through the template below and answer all relevant questions. Your additional work here is greatly appreciated and will help us respond as quickly as possible. For general support or usage questions, use the Auth0 Community or Auth0 Support. Finally, to avoid duplicates, please search existing Issues before submitting one here.

By submitting an Issue to this repository, you agree to the terms within the Auth0 Code of Conduct.

Description

We are trying to use the key AUTH0_KEYWORD_REPLACE_MAPPINGS to parameterize the HTML content of our custom login pages that we can set a client level using this property "custom_login_page": "./login.html"

Reproduction

For instance, if we have this:

On login.html

<!DOCTYPE html>
<html lang="en">
  <head></head>
  <body>
   <a href="##FORGOT_PASSWORD_URL##" data-i18n="forgotPassword">Forgot password?</a>
  </body>
</html>

So once we deploy our config the replacement is not happening and we do have the key in our config file.

We would like to replace the value depending on the environment but this is not working for these HTML pages. We are successfully using these keyword replacements in other places but so far we haven't been able to do it here.

Thanks

Environment

Please provide the following:

  • Auth0 Deploy CLI tool 5.3.1
  • node:10-alpine

created time in 5 days

issue openedauth0-extensions/canirequire

Update to version 3.3.0 of graphql-request

✏️ Request Form

Package info

Package Name: graphql-request

Package Version: 3.3.0

NPM Url: https://www.npmjs.com/package/graphql-request

Reason for Request

I would like this package added because the current version (1.8.2) is from 2018 and is missing some neat features that have been added over the time.

Some of the new features I would appreciate to use:

  • https://github.com/prisma-labs/graphql-request/pull/212
  • https://github.com/prisma-labs/graphql-request/pull/175
  • https://github.com/prisma-labs/graphql-request/commit/c2253f2b44b223671a32a273cf47b26a66d29cfe

created time in 5 days

issue openedauth0-extensions/canirequire

Request to add otplib

✏️ Request Form

Package info

Package Name: otplib

Package Version: 12.0.1

NPM Url: https://www.npmjs.com/package/otplib

Reason for Request

I would like this package added because I want to be able to verify in a rule that a code provided by the user matches the OTP sent to him. We use this for a custom OTP flow that we cannot be archived easily with auth0's OTP.

created time in 6 days

issue closedauth0-extensions/canirequire

Add jsonwebtoken to available modules

✏️ Request Form

Package info

Package Name: jsonwebtoken

Package Version: 8.5.1

NPM Url: https://www.npmjs.com/package/jsonwebtoken

Reason for Request

I would like this package added because we need to sign a jwt token as part of our Auth0 flow as well, so not just decode it please.

closed time in 6 days

ysle

issue commentauth0-extensions/canirequire

Add jsonwebtoken to available modules

oh, my mistake. thanks for the info 👍

ysle

comment created time in 6 days

push eventauth0/auth0-deploy-cli

dependabot[bot]

commit sha d240afceb7175b2a8eb8126be01a7c300c1d2be3

Bump auth0 from 2.27.0 to 2.27.1 Bumps [auth0](https://github.com/auth0/node-auth0) from 2.27.0 to 2.27.1. - [Release notes](https://github.com/auth0/node-auth0/releases) - [Changelog](https://github.com/auth0/node-auth0/blob/master/CHANGELOG.md) - [Commits](https://github.com/auth0/node-auth0/compare/v2.27.0...v2.27.1) Signed-off-by: dependabot[bot] <support@github.com>

view details

Shu Shen

commit sha b29394264c259cf2a364695c015e923a79d0ac12

Merge pull request #266 from auth0/dependabot/npm_and_yarn/auth0-2.27.1 Bump auth0 from 2.27.0 to 2.27.1

view details

Shu Shen

commit sha 3b2ae4c2ae3f2004baed025633b1f39ca1c44814

fix: bump auth0-source-control-extension-tools@4.1.9 to fix pagination API calls

view details

Shu Shen

commit sha 0f343957245978111bc08f0ae13de7f92a285d73

chore: bump release to 5.3.0

view details

Shu Shen

commit sha 1d6f3e335522d4d4cd6825bb735bab97f83188e5

Merge pull request #287 from auth0/dxex-1038-bump-source-control-extension-tools [DXEX-1038] fix: bump auth0-source-control-extension-tools@4.1.9

view details

Luis Britos Manriquez

commit sha b8e9e2155e5638a04d23e8c56926d56d87b096f2

bump auth0-source-control-extension-tools version

view details

Luis Britos Manriquez

commit sha 5ecc2cfdf97c252176c2659203c0a31bb64e424d

Revert "bump auth0-source-control-extension-tools version" This reverts commit b8e9e2155e5638a04d23e8c56926d56d87b096f2.

view details

Luis Britos Manriquez

commit sha f4d22e3f4d76e40e3f8c838f462b8db99ba2983a

changelog

view details

Shu Shen

commit sha 6d19d0ff44d7b2de2600644cc8d5371a0b34f548

chore: bump package v5.3.1 and update changelog

view details

luisbritos

commit sha 9b44071c5f01287c26a94a189ad15e1148e5fd3c

Merge pull request #289 from auth0/ESD-9513_and_10050 [DXEX-1074] bump auth0-source-control-extension-tools version

view details

Shu Shen

commit sha d51d0b3d5f5b2673dc7a941e9b52b0b03003da5d

Merge branch 'master' into feat-tf-support

view details

push time in 7 days

issue openedauth0-extensions/canirequire

Request to add @mailchimp/mailchimp_marketing

✏️ Request Form

Package info

Package Name: @mailchimp/mailchimp_marketing

Package Version: 3.0.24

NPM Url: https://www.npmjs.com/package/@mailchimp/mailchimp_marketing

Reason for Request

I would like this package added because the current Mailchimp options are either outdated, or not very robust. This package is the official package from Mailchimp, and provides very nice, modern API to interact with the REST API.

created time in 7 days

issue commentauth0-extensions/canirequire

Add jsonwebtoken to available modules

This package is allready available afaik: https://auth0-extensions.github.io/canirequire/#jsonwebtoken

ysle

comment created time in 7 days

issue openedauth0-extensions/canirequire

Add latest version of winston

✏️ Request Form

Package info

Package Name: winston

Package Version: 3.3.3

NPM Url: https://www.npmjs.com/package/winston

Reason for Request

Winston is one of the most popular loggers for node.js.
The latest version supported by Auth0 (3.1.0) lacks some features such as defaultMeta which is super useful when you want to add some metadata to all the logs (for example: user.email, context.connection ... ) so that instead of:

logger.info('testing stuff on some user', { email: user.email, connection: context.connection });
// ...
logger.error('could not update metadata on user',  {  err: error, email: user.email, connection: context.connection });

you can just add:

winston.createLogger({
  // config...
  defaultMeta: { connection: context.connection, user_email: user.email }
});
//...
logger.info('user isn't verified') // will actually add connection info and user email...

Also, the format.error format isn't available in 3.10.
And more...

created time in 7 days

issue openedauth0-extensions/canirequire

Add jsonwebtoken to available modules

✏️ Request Form

Package info

Package Name: jsonwebtoken

Package Version: 8.5.1

NPM Url: https://www.npmjs.com/package/jsonwebtoken

Reason for Request

I would like this package added because we need to sign a jwt token as part of our Auth0 flow as well, so not just decode it please.

created time in 9 days

issue openedauth0-extensions/canirequire

Please add short-uuid

✏️ Request Form

Package info

Package Name: short-uuid

Package Version: 4.1.0

NPM Url: https://www.npmjs.com/package/short-uuid

Reason for Request

I would like this package because we would like to convert back and forth from RFC compliant UUIDs to the shorter formats

created time in 10 days

pull request commentauth0/rules

Get fullcontact profile update

Fixed the request method (it's indeed POST, not GET), updated rules.json, updated the test file. I'm not sure how to properly check the expected header and URL in a test before returning 200 :/

rosnovsky

comment created time in 10 days

pull request commentauth0/rules

Get fullcontact profile update

@joshcanhelp Damn them github notifications, sorry, missed this one :(

I'm working on this right now.

rosnovsky

comment created time in 10 days

issue commentauth0-extensions/auth0-delegated-administration-extension

User Name is not changed after changing Email

Is this still relevant? If so, what is blocking it? Is there anything you can do to help move it forward?

Wrixst

comment created time in 11 days

delete branch auth0-extensions/auth0-delegated-administration-extension

delete branch : dependabot/npm_and_yarn/lodash-4.17.19

delete time in 12 days

pull request commentauth0-extensions/auth0-delegated-administration-extension

Bump lodash from 4.17.11 to 4.17.19

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

dependabot[bot]

comment created time in 12 days

PR closed auth0-extensions/auth0-delegated-administration-extension

Bump lodash from 4.17.11 to 4.17.19 dependencies wontfix

Bumps lodash from 4.17.11 to 4.17.19. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/lodash/lodash/releases">lodash's releases</a>.</em></p> <blockquote> <h2>4.17.16</h2> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/lodash/lodash/commit/d7fbc52ee0466a6d248f047b5d5c3e6d1e099056"><code>d7fbc52</code></a> Bump to v4.17.19</li> <li><a href="https://github.com/lodash/lodash/commit/2e1c0f22f425e9c013815b2cd7c2ebd51f49a8d6"><code>2e1c0f2</code></a> Add npm-package</li> <li><a href="https://github.com/lodash/lodash/commit/1b6c282299f4e0271f932b466c67f0f822aa308e"><code>1b6c282</code></a> Bump to v4.17.18</li> <li><a href="https://github.com/lodash/lodash/commit/a370ac81408de2da77a82b3c4b61a01a3b9c2fac"><code>a370ac8</code></a> Bump to v4.17.17</li> <li><a href="https://github.com/lodash/lodash/commit/1144918f3578a84fcc4986da9b806e63a6175cbb"><code>1144918</code></a> Rebuild lodash and docs</li> <li><a href="https://github.com/lodash/lodash/commit/3a3b0fd339c2109563f7e8167dc95265ed82ef3e"><code>3a3b0fd</code></a> Bump to v4.17.16</li> <li><a href="https://github.com/lodash/lodash/commit/c84fe82760fb2d3e03a63379b297a1cc1a2fce12"><code>c84fe82</code></a> fix(zipObjectDeep): prototype pollution (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4759">#4759</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/e7b28ea6cb17b4ca021e7c9d66218c8c89782f32"><code>e7b28ea</code></a> Sanitize sourceURL so it cannot affect evaled code (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4518">#4518</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/0cec225778d4ac26c2bac95031ecc92a94f08bbb"><code>0cec225</code></a> Fix lodash.isEqual for circular references (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4320">#4320</a>) (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4515">#4515</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/94c3a8133cb4fcdb50db72b4fd14dd884b195cd5"><code>94c3a81</code></a> Document matches* shorthands for over* methods (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4510">#4510</a>) (<a href="https://github-redirect.dependabot.com/lodash/lodash/issues/4514">#4514</a>)</li> <li>Additional commits viewable in <a href="https://github.com/lodash/lodash/compare/4.17.11...4.17.19">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~mathias">mathias</a>, a new releaser for lodash since your current version.</p> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+41 -41

1 comment

2 changed files

dependabot[bot]

pr closed time in 12 days

more