Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/mattaharish/fastify-authz-auth0
Authorization of API routes using auth0 permissions.
https://github.com/mattaharish/fastify-authz-auth0
auth0 authz fastify jwt
Last synced: about 1 month ago
JSON representation
Authorization of API routes using auth0 permissions.
- Host: GitHub
- URL: https://github.com/mattaharish/fastify-authz-auth0
- Owner: mattaharish
- Created: 2019-09-10T05:17:51.000Z (about 5 years ago)
- Default Branch: test
- Last Pushed: 2023-01-04T15:28:09.000Z (almost 2 years ago)
- Last Synced: 2024-09-30T19:05:18.109Z (about 2 months ago)
- Topics: auth0, authz, fastify, jwt
- Language: JavaScript
- Size: 411 KB
- Stars: 2
- Watchers: 2
- Forks: 0
- Open Issues: 12
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# fastify-authz-auth0
This module does not provide an authentication strategy, but it provides an utility to handle authorization in your routes, without adding overhead.
Check out the complete example [here](https://github.com/mattaharish/fastify-authz-auth0/blob/test/src/example.js).
## Install
```
npm i fastify-authz-auth0 --save
```
## Usage
Import this package in your `src/index.js` and register this plugin before registering your API routes.
```js
'use strict';
// Require the auth plugin
const auth = require('fastify-authz-auth0');
const routes = require('./app/v1');
function create() {
//creates the core fastify server instance with defaults
const fastify = core.createServer();
//Register auth plugin before registering routes
fastify.register(auth);
//custom routes set up
fastify.register(routes, { prefix: '/v1' });
return fastify;
}
async function start() {
const fastify = create();
core.start(fastify);
}
module.exports = {
create,
start
};
```
And when defining API routes, make sure you have a `preHandler` calling this `auth` function, which is decorated to the fastify instance.
Example API `route` definition
```js
fastify.route({
method: 'GET',
url: '/product-types/:productTypeId',
schema: {
params: {
type: 'object',
properties: {
productTypeId: { type: 'string', format: 'uuid' }
}
},
response: {
200: getProductTypeByIdSuccessfulResponse,
...errorResponses
}
},
// Pass the array of permissions for this route.
preHandler: fastify.auth(['read:product-types']),
handler: getProductTypeByIdHandler(fastify)
});
```
## Authentication & Authorization
```Authentication confirms user/ service identity to grant access to the system.```
```Authorization determines whether the user/ service has permissions to access the resources.```
```
Auth0 provides authentication and authorization as a service. It takes the overhead of generating accessTokens with the list of permissions based on role of user.
```
The permissions inside the token are embedded like below:
```
...
"permissions": [
"read:product-types"
]
...
```
## How this plugin works
1. This plugin will check for `authorization` property containing the value in the form of `Bearer ` in the request headers or body or query parameters.
2. Then the `token` is decoded using `jsonwebtoken` module and picks the `permissions` array in the token.
3. If the list of `permissions` which are passed, when calling the `auth` function in `preHandler` matches against the `permissions` obtained from the token then the `api` is served otherwise it responds with `403 {UnAuthorized}`
## Acknowledgements
This project is kindly sponsored by:
## License
Licensed under ---