Closed imonthercks closed 4 years ago
For anyone wanting to test through Postman, here are the values needed if you use Get New Access Token under OAuth2.0 Authorization Type...
Callback URL: org.covital.o2monitor:/oauth2redirect/covital_pulse_oximetry_client_dev
Auth URL: https://o2-monitoring-dev-us.auth0.com/authorize?audience=https://pulseox-sandbox.herokuapp.com/
Access Token URL: https://o2-monitoring-dev.auth0.com/oauth/token
Client ID: 5SvFE06CGaHu39AmPQmTa76X1TlibVUt
Client Secret: Not needed in this case
Scope: openid profile email
Client Authentication: Send client credentials in body
If you need the well known Dev Auth0 config, use the following URL: https://o2-monitoring-dev-us.auth0.com/.well-known/openid-configuration
Warning: if you don't set the DISABLE_TOKEN_VALIDATION_FOR_DEV=true then you will need to sign in through the Auth0 tenant to access User specific endpoints!
New changes for doing route validation of JWT selectively by Open API endpoint. This does not rely on the OpenAPI spec, but a wrapper around the endpoint handlers. There may be a more elegant way to do this, but I'll leave this up to someone with more skill than myself at node. :)
This change requires the addition of the authn.secureWithToken(context, request, response, handler) to the OpenAPI handler definitions for endpoints that need to be secured as you can see in the following block.
Also note that the following environment variables will need to be set to override the dev defaults...
I did not include changes to the package-lock.json, considering it was making changes to packages that I did not add. Will let someone else manage that.
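A sketch of the kind of per-endpoint wrapper the description refers to, written as an added example and not the code from this PR. It assumes the RS256 verification key is already loaded, uses a constructed key pair with placeholder issuer and audience values, assumes an Express-style `response.status().json()`, and adds hypothetical `cfg` and `env` parameters so the checks can be exercised offline.

```javascript
// Added example, not the PR's code: a guard shaped like
// authn.secureWithToken(context, request, response, handler).
const crypto = require('node:crypto');

// Constructed test key pair; a real service would load the tenant's signing key.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
// Placeholder issuer/audience (assumptions, not values from the page).
const config = { issuer: 'https://issuer.example/', audience: 'https://api.example/', publicKey };

const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');

// Hypothetical helper: mint an RS256 token so the guard can be tested offline.
function signToken(claims, key = privateKey) {
  const input = `${b64url({ alg: 'RS256', typ: 'JWT' })}.${b64url(claims)}`;
  return `${input}.${crypto.sign('RSA-SHA256', Buffer.from(input), key).toString('base64url')}`;
}

// Returns the claims when signature, issuer, audience and expiry all check out; throws otherwise.
function verifyToken(token, cfg, now = Math.floor(Date.now() / 1000)) {
  const [h, p, s, ...rest] = String(token).split('.');
  if (!h || !p || !s || rest.length) throw new Error('malformed token');
  const header = JSON.parse(Buffer.from(h, 'base64url'));
  // Pin the algorithm: the token header must not be allowed to pick "none" or HS256.
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const sig = Buffer.from(s, 'base64url');
  if (!crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), cfg.publicKey, sig)) throw new Error('bad signature');
  const claims = JSON.parse(Buffer.from(p, 'base64url'));
  if (claims.iss !== cfg.issuer) throw new Error('wrong issuer');
  if (![].concat(claims.aud || []).includes(cfg.audience)) throw new Error('wrong audience');
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  return claims;
}

const authn = {
  secureWithToken(context, request, response, handler, cfg = config, env = process.env) {
    // Dev bypass named in the PR text; it must never be set in a production environment.
    if (env.DISABLE_TOKEN_VALIDATION_FOR_DEV === 'true') return handler(context, request, response);
    const match = /^Bearer (.+)$/.exec((request.headers || {}).authorization || '');
    try {
      if (!match) throw new Error('missing bearer token');
      request.user = verifyToken(match[1], cfg); // expose verified claims to the handler
    } catch (err) {
      // Fail closed with a generic body; do not echo the validation error to the caller.
      return response.status(401).json({ error: 'unauthorized' });
    }
    return handler(context, request, response);
  },
};
```

Because the guard fails closed, an endpoint left unwrapped is the remaining gap: a test that enumerates the handler definitions and checks that each user-specific one goes through the wrapper catches that.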