nexus-plugin-auth0
Installation
npm install nexus-plugin-auth0
How it Works
The plugin currently expects the user's access token ("UsersAccessToken" below) in the authorization header of the incoming request, in the following format.
{
  "authorization": "Bearer UsersAccessToken"
}
There are two main ways to use this plugin:
- Using protectedPaths to deny access to certain paths.
- Using it only to validate and decode the token, then using the decoded token (available as ctx.token) to control access with another plugin such as nexus-plugin-shield.
The decoded token is added to the Nexus context under ctx.token, which has the following type:
type DecodedAccessToken = {
  iss: string
  sub: string
  aud: string[]
  iat: number
  exp: number
  azp: string
  scope: string
}

// ctx.token
type ContextToken = DecodedAccessToken | null
Examples
Protected Paths
If protectedPaths is passed, only requests with a valid access token are allowed to access these paths.
import { use } from 'nexus'
import { auth } from 'nexus-plugin-auth0'

use(
  auth({
    auth0Audience: 'nexus-plugin-auth0',
    auth0Domain: 'graphql-nexus.eu.auth0.com',
    protectedPaths: ['Query.posts'],
  })
)
Usage with nexus-plugin-shield
In this mode the plugin does not deny access: the decoded token is added to ctx on all paths, but only if the token is validated. The token can then be used by nexus-plugin-shield to control access.
import { use } from 'nexus'
import { auth } from 'nexus-plugin-auth0'
// shield is used below, so it must be imported alongside rule
import { rule, shield } from 'nexus-plugin-shield'

// Allow only when a validated token with a subject is present on the context
const isAuthenticated = rule({ cache: 'contextual' })(async (parent, args, ctx: NexusContext, info) => {
  const userId = ctx?.token?.sub
  return Boolean(userId)
})

const rules = {
  Query: {
    posts: isAuthenticated,
  },
  Mutation: {
    deletePost: isAuthenticated,
  },
}

use(
  auth({
    auth0Audience: 'nexus-plugin-auth0',
    auth0Domain: 'graphql-nexus.eu.auth0.com',
  })
)

use(
  shield({
    rules,
  })
)
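An added example (not part of the original README or of either plugin's code): because ctx.token is typed DecodedAccessToken | null, a rule can go beyond checking sub and make a deny-by-default decision on the space-delimited scope claim. The authorize helper, the Decision type, the scope names and the sample token are assumptions made for illustration.

```typescript
// Shape of ctx.token, copied from the type shown earlier on this page.
type DecodedAccessToken = {
  iss: string; sub: string; aud: string[]
  iat: number; exp: number; azp: string; scope: string
}
type ContextToken = DecodedAccessToken | null
type Decision = { allow: boolean; reason: string }

// Hypothetical helper (not part of either plugin): deny-by-default decision
// for a shield rule. nowSec is injectable so the check can be tested.
function authorize(
  token: ContextToken,
  required: string[],
  nowSec: number = Math.floor(Date.now() / 1000)
): Decision {
  // No validated token on the request: ctx.token is null.
  if (token === null) return { allow: false, reason: 'no validated token' }
  if (!token.sub) return { allow: false, reason: 'missing sub' }
  // Defensive re-check of expiry; exp is in seconds since the epoch.
  if (token.exp <= nowSec) return { allow: false, reason: 'token expired' }
  // scope is one space-delimited string. Compare whole entries: a substring
  // test would let 'read:posts-archive' satisfy 'read:posts'.
  const raw = typeof token.scope === 'string' ? token.scope : ''
  const granted = raw.split(' ').filter(Boolean)
  const missing = required.filter((s) => granted.indexOf(s) === -1)
  if (missing.length > 0) {
    return { allow: false, reason: 'missing scope: ' + missing.join(' ') }
  }
  return { allow: true, reason: 'ok' }
}

// Constructed sample token; every value is made up for illustration.
const SAMPLE_TOKEN: DecodedAccessToken = {
  iss: 'https://tenant.example/',
  sub: 'auth0|constructed-user',
  aud: ['example-api'],
  iat: 1700000000,
  exp: 1700003600,
  azp: 'constructed-client-id',
  scope: 'openid read:posts-archive delete:posts',
}

// Inside a shield rule this would be used as (sketch, assumed wiring):
//   rule({ cache: 'contextual' })(async (_p, _a, ctx) =>
//     authorize(ctx.token, ['delete:posts']).allow)
```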
Plugin Settings
type Settings = {
  auth0Domain: string
  auth0Audience: string
  protectedPaths?: string[]
  debug?: boolean
}