Merge pull request #23 from jpadilla/verify-issuer
Make sure we verify issuer
Chris Geihsler authored Jul 15, 2020
2 parents 6f137bb + d63229d commit df8dbbe
Showing 2 changed files with 20 additions and 6 deletions.
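--- a/index.js
+++ b/index.js
@@ -55,14 +55,28 @@ app.get('/.well-known/oauth2-client-configuration', function(req, res) {
 });
 });
 
+
+function jwtMiddleware(req, res, next) {
+const rta = req.webtaskContext.data.AUTH0_RTA || 'https://auth0.auth0.com';
+const middleware = expressJwt({
+secret: rsaValidation({ strictSSL: true }),
+algorithms: ['RS256'],
+getToken: function(req) { return req.body.access_token; },
+
+/**
+* Note: We're normalizing the issuer because the access token `iss`
+* ends in a slash whereas the `AUTH0_RTA` secret does not.
+*/
+issuer: rta.endsWith('/') ? rta : `${rta}/`,
+})
+
+return middleware(req, res, next);
+}
+
 app.post(
 '/',
 bodyParser.urlencoded({ extended: false }),
-expressJwt({
-secret: rsaValidation({ strictSSL: true }),
-algorithms: ['RS256'],
-getToken: function(req) { return req.body.access_token; }
-}),
+jwtMiddleware,
 function(req, res) {
 if (
 req.user.aud === req.audience ||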
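Review bot: `jwtMiddleware` falls back to `'https://auth0.auth0.com'` when the `AUTH0_RTA` secret is missing, so a deployment meant to trust a different authority would enforce the wrong issuer with no signal that the secret was absent. If that default is not valid for every environment (which cannot be confirmed from this hunk), log the fallback or reject the request, and say in the comment above `issuer:` that the default is intentional. The function also builds a fresh `expressJwt`/`rsaValidation` pair on every request; if `rsaValidation` caches signing keys per instance (not visible here), keeping one middleware per `rta` value would preserve that cache and avoid a key lookup on each POST. As a style point, the `})` closing the `expressJwt` call should be `});` to match the rest of the file.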
2 changes: 1 addition & 1 deletion package.json
@@ -1,6 +1,6 @@
{
"name": "auth0-extension-realtime-logs",
"version": "1.3.5",
"version": "1.3.6",
"description": "Access real-time webtask logs",
"scripts": {
"build": "npm run clean && npm run extension:build",
