reverted token changes to fix audience issue (#14)

auth0-extensions · Feb 6, 2019 · 57b1c75 · 57b1c75
1 parent c684b6f
commit 57b1c75
Show file tree

Hide file tree

Showing 9 changed files with 57 additions and 59 deletions.
diff --git a/.gitignore b/.gitignore
@@ -32,5 +32,6 @@ node_modules
 .DS_Store
 .idea
 dist
+server/config.json
 
 npm-debug.log
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,11 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [2.0.1] - 2019-02-06
+
+### Fixed
+- Admin tokens audience issue fixed
+
 ## [2.0.0] - 2019-02-05
 
 ### Changed

diff --git a/index.js b/index.js
@@ -36,10 +36,7 @@ nconf
     HOSTING_ENV: 'default',
     PORT: 3000,
     AUTH0_RTA: 'auth0.auth0.com',
-    AUTH0_DOMAIN: 'xan-test3.eu.auth0.com',
-    EXTENSION_SECRET: 'secret',
-    WT_URL: 'http://localhost:3000',
-    PUBLIC_WT_URL: 'https://49ddb5d2.ngrok.io'
+    EXTENSION_SECRET: 'secret'
   });
 
 // Start the server.

diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "auth0-authentication-api-debugger-extension",
-  "version": "2.0.0",
+  "version": "2.0.1",
   "description": "My extension for ..",
   "main": "index.js",
   "scripts": {
@@ -19,6 +19,7 @@
     "externals": [
       "[email protected]",
       "[email protected]",
+      "[email protected]",
       "cors",
       "[email protected]",
       "handlebars",
@@ -35,6 +36,7 @@
   "dependencies": {
     "auth0-extension-express-tools": "^1.1.9",
     "auth0-extension-tools": "^1.3.3",
+    "auth0-oauth2-express": "1.2.0",
     "body-parser": "^1.15.2",
     "cors": "2.8.1",
     "crypto": "^0.0.3",

diff --git a/server/index.js b/server/index.js
@@ -3,11 +3,12 @@ const crypto = require('crypto');
 const Express = require('express');
 const bodyParser = require('body-parser');
 const handlebars = require('handlebars');
-const { middlewares, routes, urlHelpers } = require('auth0-extension-express-tools');
+const { urlHelpers } = require('auth0-extension-express-tools');
 
 const config = require('./lib/config');
 const utils = require('./lib/utils');
 const metadata = require('../webtask.json');
+const dashboardAdmins = require('./middleware/dashboardAdmins');
 
 module.exports = (configProvider) => {
     config.setProvider(configProvider);
@@ -16,46 +17,29 @@ module.exports = (configProvider) => {
     const partial = handlebars.compile(require('./views/partial'));
     const app = new Express();
 
-    const adminsOnly = middlewares.authenticateAdmins({
-      credentialsRequired: true,
-      secret: config('EXTENSION_SECRET'),
-      audience: 'urn:authentication-api-debugger',
-      baseUrl: config('PUBLIC_WT_URL'),
-      onLoginSuccess: (req, res, next) => {
-        next();
-      }
-    });
 
     app.use(bodyParser.json());
     app.use(bodyParser.urlencoded({ extended: false }));
 
-    app.use(routes.dashboardAdmins({
-      secret: config('EXTENSION_SECRET'),
-      audience: 'urn:authentication-api-debugger',
-      rta: config('AUTH0_RTA').replace('https://', ''),
-      domain: config('AUTH0_DOMAIN'),
-      baseUrl: config('PUBLIC_WT_URL'),
-      clientName: `Auth0 Authentication API Debugger`,
-      sessionStorageKey: 'auth-api-debugger:apiToken',
-    }));
+    app.use(dashboardAdmins(config('AUTH0_DOMAIN'), 'Authentication API Debugger Extension', config('AUTH0_RTA')));
 
-    app.get('/pkce', adminsOnly, function (req, res) {
+    app.get('/pkce', function (req, res) {
         const verifier = utils.base64url(crypto.randomBytes(32));
         return res.json({
             verifier: verifier,
             verifier_challenge: utils.base64url(crypto.createHash('sha256').update(verifier).digest())
         })
     });
 
-    app.get('/hash', adminsOnly, function (req, res) {
+    app.get('/hash', function (req, res) {
         res.send(partial({
             hash: utils.syntaxHighlight(req.query),
             id_token: utils.jwt(req.query && req.query.id_token),
             access_token: utils.jwt(req.query && req.query.access_token)
         }));
     });
 
-    app.post('/request', adminsOnly, function (req, res) {
+    app.post('/request', function (req, res) {
         const request = req.body.request;
         delete req.body.request;
         res.send(partial({

diff --git a/server/middleware/dashboardAdmins.js b/server/middleware/dashboardAdmins.js
@@ -0,0 +1,38 @@
+const url = require('url');
+const auth0 = require('auth0-oauth2-express');
+
+module.exports = function(domain, title, rta) {
+  if (!domain) throw new Error('Domain is required');
+  if (!title) throw new Error('title is required');
+
+  const options = {
+    credentialsRequired: false,
+    scopes: 'read:clients read:client_keys',
+    clientName: title,
+    audience: function() {
+      return 'https://' + domain + '/api/v2/';
+    },
+    rootTenantAuthority: rta
+  };
+
+  const middleware = auth0(options);
+  return function(req, res, next) {
+    const protocol = 'https';
+    const pathname = (req.x_wt)
+      ? url.parse(req.originalUrl).pathname
+        .replace(req.x_wt.container, 'req.x_wt.container')
+        .replace(req.path, '')
+        .replace('req.x_wt.container', req.x_wt.container)
+      : url.parse(req.originalUrl).pathname
+        .replace(req.path, '');
+
+    const baseUrl = url.format({
+      protocol: protocol,
+      host: req.get('host'),
+      pathname: pathname
+    });
+
+    options.clientId = baseUrl;
+    return middleware(req, res, next);
+  };
+};
diff --git a/server/middleware/develop.js b/server/middleware/develop.js
diff --git a/server/views/index.js b/server/views/index.js
@@ -44,7 +44,7 @@ module.exports = `<html lang="en">
     }
   </style>
   <script type="text/javascript">
-    if (!sessionStorage.getItem("auth-api-debugger:apiToken")) {
+    if (!sessionStorage.getItem("token")) {
       window.location.href = '{{baseUrl}}/login';
     }
   </script>
@@ -569,7 +569,7 @@ $(function () {
     url: 'https://{{domain}}/api/v2/clients',
     type: 'GET',
     headers: {
-      'Authorization': 'Bearer ' + sessionStorage.getItem("auth-api-debugger:apiToken")
+      'Authorization': 'Bearer ' + sessionStorage.getItem("token")
     }}).done(
       function(data) {
         clients = _.map(data, function(client) { return _.pick(client, ['client_id', 'client_secret', 'name'] )} );

diff --git a/webtask.json b/webtask.json
@@ -1,7 +1,7 @@
 {
   "title": "Auth0 Authentication API Debugger",
   "name": "auth0-authentication-api-debugger",
-  "version": "2.0.0",
+  "version": "2.0.1",
   "author": "auth0",
   "useHashName": false,
   "description": "This extension allows you to test and debug the various Authentication API endpoints",