This module does not provide an authentication strategy, but it provides an utility to handle authorization in your routes, without adding overhead.
Check out the complete example here.
npm i fastify-authz-auth0 --save
Import this package in your src/index.js
and register this plugin before registering your API routes.
'use strict';
// Require the auth plugin
const auth = require('fastify-authz-auth0');
const routes = require('./app/v1');
function create() {
//creates the core fastify server instance with defaults
const fastify = core.createServer();
//Register auth plugin before registering routes
fastify.register(auth);
//custom routes set up
fastify.register(routes, { prefix: '/v1' });
return fastify;
}
async function start() {
const fastify = create();
core.start(fastify);
}
module.exports = {
create,
start
};
And when defining API routes, make sure you have a preHandler
calling this auth
function, which is decorated to the fastify instance.
Example API route
definition
fastify.route({
method: 'GET',
url: '/product-types/:productTypeId',
schema: {
params: {
type: 'object',
properties: {
productTypeId: { type: 'string', format: 'uuid' }
}
},
response: {
200: getProductTypeByIdSuccessfulResponse,
...errorResponses
}
},
// Pass the array of permissions for this route.
preHandler: fastify.auth(['read:product-types']),
handler: getProductTypeByIdHandler(fastify)
});
Authentication confirms user/ service identity to grant access to the system.
Authorization determines whether the user/ service has permissions to access the resources.
Auth0 provides authentication and authorization as a service. It takes the overhead of generating accessTokens with the list of permissions based on role of user.
The permissions inside the token are embedded like below:
...
"permissions": [
"read:product-types"
]
...
-
This plugin will check for
authorization
property containing the value in the form ofBearer <Token(Generated By Auth0)>
in the request headers or body or query parameters. -
Then the
token
is decoded usingjsonwebtoken
module and picks thepermissions
array in the token. -
If the list of
permissions
which are passed, when calling theauth
function inpreHandler
matches against thepermissions
obtained from the token then theapi
is served otherwise it responds with403 {UnAuthorized}
This project is kindly sponsored by:
Licensed under ---