```bash
npm install nexus-plugin-auth0
```
The plugin currently expects the "UsersAccessToken" to be sent in the `authorization` header of the incoming request, in the following format:

```json
{
  "authorization": "Bearer UsersAccessToken"
}
```
There are two main ways to use this plugin.
- Using `protectedPaths` to deny access to certain paths.
- Using it only to validate and decode the token, then using the decoded token (available as `ctx.token`) to control access with another plugin such as `nexus-plugin-shield`.
The decoded token will be added to the Nexus context under `ctx.token`, which has the following type:

```typescript
type DecodedAccessToken = {
  iss: string
  sub: string
  aud: string[]
  iat: number
  exp: number
  azp: string
  scope: string
}

// ctx.token
type ContextToken = DecodedAccessToken | null
```
If `protectedPaths` is passed, then only valid access tokens will be allowed to access these paths.

```typescript
import { use } from 'nexus'
import { auth } from 'nexus-plugin-auth0'

use(
  auth({
    auth0Audience: 'nexus-plugin-auth0',
    auth0Domain: 'graphql-nexus.eu.auth0.com',
    protectedPaths: ['Query.posts'],
  })
)
```
Without `protectedPaths`, the plugin does not deny access to any path. The decoded token is added to `ctx` on every path, but only if the token is validated; otherwise `ctx.token` is `null`. The token can then be used by `nexus-plugin-shield` to control access.

```typescript
import { use } from 'nexus'
import { auth } from 'nexus-plugin-auth0'
import { rule, shield } from 'nexus-plugin-shield'

// ctx.token is null unless the access token was validated,
// so a present `sub` means the caller is authenticated.
const isAuthenticated = rule({ cache: 'contextual' })(async (parent, args, ctx: NexusContext, info) => {
  const userId = ctx?.token?.sub
  return Boolean(userId)
})

const rules = {
  Query: {
    posts: isAuthenticated,
  },
  Mutation: {
    deletePost: isAuthenticated,
  },
}

// Register auth first so ctx.token is populated before the shield rules run.
use(
  auth({
    auth0Audience: 'nexus-plugin-auth0',
    auth0Domain: 'graphql-nexus.eu.auth0.com',
  })
)

use(
  shield({
    rules,
  })
)
```
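The `isAuthenticated` rule above only checks that a subject is present. As an added example (not code from the plugin or its README), the helper below makes a per-operation decision from the `scope` claim of `ctx.token` and fails closed when the token is `null` or carries no scope. The names `hasScopes` and `canDeletePost` and the scope strings `read:posts` and `delete:posts` are assumptions made for illustration.

```typescript
// Types as documented in this README.
type DecodedAccessToken = {
  iss: string
  sub: string
  aud: string[]
  iat: number
  exp: number
  azp: string
  scope: string
}
type ContextToken = DecodedAccessToken | null

// Hypothetical helper: true only if the token grants every required scope.
function hasScopes(token: ContextToken, required: string[]): boolean {
  // Fail closed: no validated token, or a token without a scope claim.
  if (!token || typeof token.scope !== 'string') return false
  // scope is a space-delimited list; match whole entries, never substrings.
  const granted = token.scope.split(' ').filter((s) => s.length > 0)
  return required.every((s) => granted.indexOf(s) !== -1)
}

// Hypothetical predicate to call from a shield rule body, e.g.
//   rule({ cache: 'contextual' })(async (parent, args, ctx) => canDeletePost(ctx))
function canDeletePost(ctx: { token: ContextToken }): boolean {
  return hasScopes(ctx.token, ['delete:posts'])
}

// Constructed sample token (illustrative values, not from a real tenant).
// It holds 'delete:posts-drafts', which must not satisfy 'delete:posts'.
const sampleToken: DecodedAccessToken = {
  iss: 'https://graphql-nexus.eu.auth0.com/',
  sub: 'auth0|constructed-user',
  aud: ['nexus-plugin-auth0'],
  iat: 1700000000,
  exp: 1700086400,
  azp: 'constructed-client-id',
  scope: 'read:posts delete:posts-drafts',
}

console.log({
  readPosts: hasScopes(sampleToken, ['read:posts']),
  deletePost: canDeletePost({ token: sampleToken }),
  anonymous: canDeletePost({ token: null }),
})
```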
```typescript
type Settings = {
  auth0Domain: string
  auth0Audience: string
  protectedPaths?: string[]
  debug?: boolean
}
```