search

denoland / deno_kv_oauth

High-level OAuth 2.0 powered by Deno KV.
https://jsr.io/@deno/kv-oauth
MIT License
246 stars 24 forks source link

Auth0 example #140

Closed adoublef closed 1 year ago

adoublef commented 1 year ago

I've made the issue here but as this package depends on it and the docs show Auth0 being supported wanted to bring it to your attention too.

Auth0 will return an invalid JWT unless the audience is added to the Uri. Looking at the code it doesn't seem that there's currently a way to allow this

iuioiua commented 1 year ago

Auth0 will return an invalid JWT unless the audience is added to the Uri.

Could you please clarify? Added to which URI? In which function is the invalid JWT being returned? In which part of the code are you expecting to see a JWT? Also, in your use case, is the audience required? A brief look at the documentation says that it's optional.

adoublef commented 1 year ago

The audience is required for so that the token that is returned isn't opaque but an access token (as this YouTube vid shares: Why is my Access Token not a JWT? (Opaque Token) -- Auth0 Community Response Series - YouTube). Due to this, you aren't able to use the token for subsequential requests using APIs configured in Auth0. Looks like an issue with the way getAuthorizationUri is created doesn't give an option to append your own params. 

Ran into similar issue with a Go package that I use but they offer an additional method to set optional url params. 

I don't think it's something that can be fixed without forking or waiting for the original author to fix but this will make using Auth0 incomplete.

cmd-johnson commented 1 year ago

Copying what I just wrote at cmd-johnson/deno-oauth2-client#33, the URI returned by getAuthorizationUri is an instance of the URL class, so you can just add additional parameters as needed by calling uri.searchParams.set("paramName", "value");

adoublef commented 1 year ago

yh that means then maybe just an additional options argument is needed here and this should allow the ability for end users to add additional params.

This wouldn't be far off what they do here

EDIT: I think this should satisfy #141 I am unsure what api you think would be best but I have gone for an optional argument and the urlParams is just a record

iuioiua commented 1 year ago

@adoublef, can you confirm that this module works with Auth0?

adoublef commented 1 year ago

Oh yes all that is needed is audience and you get a token that can be used with the APIs. I tested with generating the token and then using an existing go API with the required scope. The body was confirmation enough that it can work with the rest of what Auth0 has to offer.

iuioiua commented 1 year ago

Great to hear! Thanks for helping! 💪🏾

brianknight10 commented 1 year ago

@iuioiua Will you be cutting a new release with this change anytime soon? Thank you!

iuioiua commented 1 year ago

Just done - https://github.com/denoland/deno_kv_oauth/releases/tag/v0.2.8

brianknight10 commented 1 year ago

Thanks mate!