fix: Enhance Auth0 integration (#70)

* fix: Enhance Auth0 integration with redirect_after_code_exchange and updated API configuration * refactor: Rename redirect_after_code_exchange to callback_uri in API configuration and schema
irensaltali · Nov 7, 2024 · fd71be5 · fd71be5
1 parent ef5473b
commit fd71be5
Show file tree

Hide file tree

Showing 4 changed files with 20 additions and 15 deletions.
diff --git a/src/api-config.json b/src/api-config.json
@@ -39,9 +39,10 @@
         "domain": "$env.AUTH0_DOMAIN",
         "client_id": "$env.AUTH0_CLIENT_ID",
         "client_secret": "$secret.AUTH0_CLIENT_SECRET",
-        "redirect_uri": "https://api-test.serverlessapi.com/api/v1/auth0/callback",
+        "redirect_uri": "https://api-test.xx.com/api/v1/auth0/callback",
+        "callback_uri": "https://api-test.xx.com/api/v1/auth0/callback-redirect",
         "jwks": "$secret.AUTH0_JWKS",
-        "jwks_uri": "https://serverlessapi.us.auth0.com/.well-known/jwks.json",
+        "jwks_uri": "https://xx.us.auth0.com/.well-known/jwks.json",
         "scope": "openid profile email"
     },
     "variables": {

diff --git a/src/api-config.schema.json b/src/api-config.schema.json
@@ -169,6 +169,9 @@
                         "redirect_uri": {
                             "type": "string"
                         },
+                        "callback_uri": {
+                            "type": "string"
+                        },
                         "jwks": {
                             "type": "string"
                         },
@@ -185,6 +188,7 @@
                         "client_id",
                         "client_secret",
                         "redirect_uri",
+                        "callback_uri",
                         "scope"
                     ],
                     "anyOf": [

diff --git a/src/index.js b/src/index.js
@@ -93,7 +93,7 @@ export default {
 			}
 			else if (apiConfig.authorizer && matchedPath.config.auth && apiConfig.authorizer.type == 'auth0') {
 				try {
-					await validateIdToken(request);
+					await validateIdToken(request, apiConfig.authorizer);
 				} catch (error) {
 					if (error instanceof AuthError) {
 						return setPoweredByHeader(
@@ -154,15 +154,15 @@ export default {
 				const urlParams = new URLSearchParams(url.search);
 				const code = urlParams.get('code');
 
-				return auth0CallbackHandler(code, apiConfig);
+				return auth0CallbackHandler(code, apiConfig.authorizer);
 			} else if (matchedPath.config.integration && matchedPath.config.integration.type == IntegrationTypeEnum['AUTH0USERINFO']) {
 				const urlParams = new URLSearchParams(url.search);
 				const accessToken = urlParams.get('access_token');
 
-				return getProfile(accessToken);
+				return getProfile(accessToken, apiConfig.authorizer);
 			} else if (matchedPath.config.integration && matchedPath.config.integration.type == IntegrationTypeEnum['AUTH0CALLBACKREDIRECT']) {
 				const urlParams = new URLSearchParams(url.search);
-				return redirectToLogin({ state: urlParams.get('state') });
+				return redirectToLogin({ state: urlParams.get('state') }, apiConfig.authorizer);
 			} else {
 				return setPoweredByHeader(
 					setCorsHeaders(

diff --git a/src/integrations/auth0.js b/src/integrations/auth0.js
@@ -1,8 +1,8 @@
 import { jwtVerify, createLocalJWKSet, createRemoteJWKSet, errors } from 'jose';
 import { AuthError } from "../types/error_types";
 
-async function auth0CallbackHandler(code, apiConfig) {
-    const { domain, client_id, client_secret } = apiConfig.authorizer;
+async function auth0CallbackHandler(code, authorizer) {
+    const { domain, client_id, client_secret, callback_uri } = authorizer;
 
     const tokenUrl = `https://${domain}/oauth/token`;
 
@@ -11,7 +11,7 @@ async function auth0CallbackHandler(code, apiConfig) {
         client_id,
         client_secret,
         code,
-        redirect_uri: 'https://api-test.serverlessapigw.com/api/v1/auth0/callback'
+        redirect_uri: callback_uri
     });
 
     try {
@@ -50,8 +50,8 @@ async function auth0CallbackHandler(code, apiConfig) {
     }
 }
 
-async function validateIdToken(request) {
-    const { domain, jwks, jwks_uri } = apiConfig.authorizer;
+async function validateIdToken(request, authorizer) {
+    const { domain, jwks, jwks_uri } = authorizer;
     const authHeader = request.headers.get('Authorization');
     if (!authHeader || !authHeader.startsWith('Bearer ')) {
         throw new AuthError('No token provided or token format is invalid.', 'AUTH_ERROR', 401);
@@ -107,8 +107,8 @@ async function validateIdToken(request) {
     }
 }
 
-async function getProfile(accessToken) {
-    const { domain } = apiConfig.authorizer;
+async function getProfile(accessToken, authorizer) {
+    const { domain } = authorizer;
 
     const userinfourl = `https://${domain}/userinfo`;
 
@@ -147,8 +147,8 @@ async function getProfile(accessToken) {
     }
 }
 
-async function redirectToLogin(params) {
-    const { domain, client_id, redirect_uri, scope } = apiConfig.authorizer;
+async function redirectToLogin(params, authorizer) {
+    const { domain, client_id, redirect_uri, scope } = authorizer;
     const loginUrl = `https://${domain}/authorize?response_type=code&client_id=${client_id}&redirect_uri=${redirect_uri}&scope=${scope}&state=${params.state}`;
     return Response.redirect(loginUrl, 302);
 }