swissarmykirpan
commented
5 years ago a few comments:
- If we are going graphql - then we dont need to protect these endpoints - what we need to do is create a graphql azure function and then protect that.
- AzureAPIM can do the protection piece. I can register Auth0 as an 0auth provider in Azure APIM and it will do the validation of the JWT and handle rejection. It's also cool because you can do a lot more with it (throttling, policies etc) - and it works on the consumption model (same as azure functions). We can also get AzureAPIM to turn the JWT into an object we can use, and pass that down to the graphql azure function
- Then all we have to do in the azure function is deserialize the json into an object and we're done.
- We don't really need serverless since the azure cli does all of that work for us in combination with the function.json
crysfel
Description
This PR adds a middleware to check if there's a JWT in the header, it tries to extract the data and put it inside the request.
If there's not a valid JWT (Or missing) the middleware returns an error and completes the request. If everything is OK, then it continues the execution of the function.
I've created two endpoints:
/users: list all users, for now it only returns dummy data but this data is protected./users-add: Request the current user's information from auth0, this endpoint will save the new user in the database. For now is only returning the user's information in the response but later on we will get the email, name, avatar, etc. and save it in the database when a new user signs up.Closes #44