{"id":19535467,"url":"https://github.com/souvikbasu/auth0-rules-per-app","last_synced_at":"2025-08-23T11:09:36.842Z","repository":{"id":144916496,"uuid":"87175164","full_name":"souvikbasu/auth0-rules-per-app","owner":"souvikbasu","description":"Sample application to list our Rules applied on each Application ","archived":false,"fork":false,"pushed_at":"2017-04-04T18:01:35.000Z","size":53,"stargazers_count":0,"open_issues_count":0,"forks_count":2,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-08-23T11:07:17.051Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/souvikbasu.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-04-04T10:42:52.000Z","updated_at":"2017-04-04T14:21:26.000Z","dependencies_parsed_at":null,"dependency_job_id":"422bdbee-7650-460b-bf86-41b361c2a2a1","html_url":"https://github.com/souvikbasu/auth0-rules-per-app","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/souvikbasu/auth0-rules-per-app","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/souvikbasu%2Fauth0-rules-per-app","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/souvikbasu%2Fauth0-rules-per-app/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/souvikbasu%2Fauth0-rules-per-app/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/souvikbasu%2Fauth0-rules-per-app/manifests"
,"owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/souvikbasu","download_url":"https://codeload.github.com/souvikbasu/auth0-rules-per-app/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/souvikbasu%2Fauth0-rules-per-app/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":271746767,"owners_count":24813582,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-23T02:00:09.327Z","response_time":69,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-11T02:18:46.987Z","updated_at":"2025-08-23T11:09:36.767Z","avatar_url":"https://github.com/souvikbasu.png","language":"JavaScript","readme":"# Show Rules applied per Application using Auth0 Management API v2\n\nThis is a sample application that lists the Rules that run on each Auth0 Client. On successful login, the \napplication page shows the list of all Clients and the Rules that run on each of them. A sample deployed app page \nlooks as follows:\n![App screenshot](/doc/app-screenshot.png?raw=true)\n\nFollow these steps to set up the application code on your localhost.\n\n## Auth0 configuration\n1. Sign in to your Auth0 account. If you don't yet have an Auth0 account, [sign up](https://auth0.com/signup) for free.\n\n2. First create a Node.js client in Auth0. 
Go to the [Auth0 Clients page](https://manage.auth0.com/#/clients) and click the `Create Client` button. Then select `Regular Web Applications` and click the Create \nbutton. Select `Node.js` from the list of available technologies. Give the client a name, e.g. `ListAppRulesUsingMngmtApiV2`.\n\n3. Add `http://localhost:3000/callback` to the list of Allowed Callback URLs in the client settings page.\n\n4. Create a Non Interactive Client named `API Explorer Client`. We need this client to make calls to the Management API \nfrom our application code.\n\n5. Create a Whitelist Rule with the following code:\n```javascript\nfunction (user, context, callback) {\n    // Only enforce the whitelist for this application; other clients are unaffected\n    if (context.clientName === 'ListAppRulesUsingMngmtApiV2') {\n      var whitelist = [ 'youremail@example.com' ]; // authorized users\n      var userHasAccess = whitelist.some(\n        function (email) {\n          return email === user.email;\n        });\n\n      if (!userHasAccess) {\n        return callback(new UnauthorizedError('Access denied.'));\n      }\n    }\n    callback(null, user, context);\n}\n```\nThis way your application can be accessed only by the listed authorized users.\n\n\n## Running the Sample\n\n1. Download or git clone this code to your localhost.\n\n```bash\ngit clone git@github.com:souvikbasu/auth0-rules-per-app.git\ncd auth0-rules-per-app\n```\n2. Install the dependencies.\n\n```bash\nnpm install\n```\n\n3. Configure environment variables.\n```bash\n# copy configuration and replace with your own\ncp .env.example .env\n```\n\nThe `.env` file contains your Auth0 Client ID and Secret. Replace \nthe values for `AUTH0_CLIENT_ID`, `AUTH0_DOMAIN`, `AUTH0_CLIENT_SECRET`, `MANAGEMENT_API_CLIENT_ID` and `MANAGEMENT_API_CLIENT_SECRET` with your Auth0 credentials. 
\n\nThe following keys are set in the `.env` file:\n\n`AUTH0_CLIENT_ID` Get the Client ID from the [Auth0 Clients page](https://manage.auth0.com/#/clients).\n\n`AUTH0_DOMAIN` Click on this Client in the [Auth0 Clients page](https://manage.auth0.com/#/clients) and get the \nDomain.\n\n`AUTH0_CLIENT_SECRET` Click on this client in the [Auth0 Clients page](https://manage.auth0.com/#/clients) and get \nthe Client Secret.\n\n`MANAGEMENT_API_CLIENT_ID` Click on *API Explorer Client* in the [Auth0 Clients page](https://manage.auth0.com/#/clients) and get the Client ID. You need to create an API Explorer Client if it does not already exist. This \nclient is needed to query the Management API.\n\n`MANAGEMENT_API_CLIENT_SECRET` Click on *API Explorer Client* in the [Auth0 Clients page](https://manage.auth0.com/#/clients) and get the Client Secret.\n\n`AUTH0_CALLBACK_URL` If you are running the application on localhost, you do not need to set this key. If you \ndeploy the application to a third-party service provider like Heroku, you need to specify the value as \n`AUTH0_DOMAIN`/callback. You will also need to add this URL to the Allowed Callback URLs list in the Client's settings page in Auth0.\n\n\n\n4. Run the app.\n\n```bash\nnpm start\n```\n\nThe app will be served at `localhost:3000`. To deploy the application to Heroku, create an account at https://www.heroku.com/. Then commit the application source files to the Heroku repo. I recommend using the [heroku cli](https://devcenter.heroku.com/articles/heroku-cli). Add the \nsettings from the `.env` file to \nhttps://dashboard.heroku.com/apps/your-app-name/settings\n\nYou might choose to deploy your app with any other service provider as per your comfort level with their service.\n\n\n## Explanation of code logic\nThe application code uses Auth0 Lock to authenticate the user. 
The Whitelist rule makes sure that only authorized \nusers have access to this application.\n \nIf the user is not authorized, the user is redirected to the page /notAuthorized, which shows the error message to the user.\nOtherwise the user is shown the list of applications and all rules that apply to each application. The following \nconditions are handled to show the rules per application:\n* Show the list of Rules that apply to the application via a condition like `if (context.clientName === 'App Name') {`\n* Show the list of Rules that apply to the application via a condition like `if (context.clientID === \n'VxYJCEfNONlpSZVAuD4uRKGKpz8abcda') {`\n* Do NOT show a rule for an application if the condition is negative, like `if (context.clientName !== 'App Name') {` or \n`if (context.clientID !== 'VxYJCEfNONlpSZVAuD4uRKGKpz8Jm6mh') {`\n* Show an application in the list even if no rules apply to that application\n \nWe find out which application a rule applies to (or does not apply to) by inspecting the Rule's script and parsing it with string \nregular expressions.\n\nThere are two candidate algorithms to achieve this; the pseudocode for each follows. 
We use the one that \nexecutes faster:\n### More readable code\nSince the problem statement is about rules per client, the more readable approach is to loop through each client and find all matching rules for that client.\n\n```\nGet list of all rules and store in `rules` variable\nGet list of all clients and store in `clients` variable\n\nFor client in clients:\n    For rule in rules:\n        If rule.script has text like `if (context.clientName === '{ client name }')` or `if (context.clientID === '{ client id }')`\n        Then:\n             Add rule to client.rules\n\n        If rule.script has text like `if (context.clientName !== '{ client name }')` or `if (context.clientID !== '{ client id }')`\n        Then:\n             clientDisallowed = Find out client from clients that this rule mentions\n             If client != clientDisallowed\n             Then:\n                Add this rule to array of client.rules\n\nclient.rules in all clients contains the list of rules that apply to this client\n```\n \nThe above algorithm runs the regex on each rule's script 4 times for every client, which makes the code slower. \nHence I have chosen the faster algorithm, which matches the regex against each rule script only 4 times \nirrespective of the number of clients. 
The regex is not matched over and over for each client.\n \n### Faster code\n```\nGet list of all rules and store in `rules` variable\nGet list of all clients and store in `clients` variable\n\nFor rule in rules:\n    If rule.script has text like `if (context.clientName === '{ client name }')` or `if (context.clientID === '{ client id }')`\n    Then:\n         clientAllowed = Find out client from clients that this rule mentions\n         Add rule to clientAllowed.rules\n\n    If rule.script has text like `if (context.clientName !== '{ client name }')` or `if (context.clientID !== '{ client id }')`\n    Then:\n         clientDisallowed = Find out client from clients that this rule mentions\n         For all other clients, Add this rule to array of client.rules\n\nclient.rules in all clients contains the list of rules that apply to this client\n```\n \n\n## Sample Deployment\nYou can check a sample [Heroku](https://auth0-rules-per-app.herokuapp.com) deployment of this application if your \nemail has been added to the whitelist for this application.\n\n## License\n\nThis project is licensed under the MIT license. See the [LICENSE](LICENSE) file for more info.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsouvikbasu%2Fauth0-rules-per-app","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsouvikbasu%2Fauth0-rules-per-app","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsouvikbasu%2Fauth0-rules-per-app/lists"}