Auth0
- Uses the OAuth 2.0 Client Credentials grant flow (machine-to-machine, no end user involved).
- Requires some Auth0 entities: a Resource Server (the API) and Applications (the clients).
- Clients need to be programmatically created via the Auth0 Management API, e.g. when mapping one client to each SaaS customer.
Reference: auth0.com/blog/using-m2m-authorization/
Registering the server
Also available via an API endpoint.
The server needs some logic that inspects the contents of the token and validates that the client has the right scope to call a given endpoint:
// requireScope is middleware that verifies the bearer token and rejects the
// request unless the token's scope claim contains 'geocode:location'.
app.get('/api/location/geocode', requireScope('geocode:location'), function (req, res, next) {
  res.json({
    lat: 47.6178819,
    lng: -122.194041
  });
});
Registering the client
Also available via API endpoint.
By default, a client is not authorized to access any of the Resource Servers. The next step is to authorize the client for the Resource Server and define which scopes are enabled for this client.
Retrieving an access token and calling the API
The client can call the https://API_DOMAIN/oauth/token endpoint (where API_DOMAIN is the Auth0 tenant domain, AUTH0_DOMAIN in the snippet below) to get an access token, which can then be used to call the registered server.
var request = require('request');

// Assumed helper: reads a configuration value, here from the process environment.
var env = function (name) { return process.env[name]; };

// Exchange the client credentials for an access token; calls callback(err, token).
function getAccessToken(callback) {
  var options = {
    method: 'POST',
    url: 'https://' + env('AUTH0_DOMAIN') + '/oauth/token',
    headers: {
      'content-type': 'application/json'
    },
    body: {
      audience: env('RESOURCE_SERVER'),   // identifier of the registered Resource Server
      grant_type: 'client_credentials',
      client_id: env('AUTH0_CLIENT_ID'),
      client_secret: env('AUTH0_CLIENT_SECRET')
    },
    json: true
  };
  request(options, function (err, res, body) {
    if (err || res.statusCode < 200 || res.statusCode >= 300) {
      // Surface the error body Auth0 returns (e.g. when the client is not authorized for the audience).
      return callback(res && res.body || err);
    }
    callback(null, body.access_token);
  });
}
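A client that requests a new token before every API call wastes round trips and Auth0 M2M token quota. The following is an added example (not code from the Auth0 post) of the same Client Credentials request with the token reused until shortly before it expires. The decision and response-validation logic is kept in pure functions; the HTTP transport is an injected postJson(url, body) returning a promise of { status, body }, which is an assumption so the example runs offline. Domain, identifiers, secret and response values are constructed.

```javascript
// True when there is no cached token or it expires within `skew` seconds of `now`.
function shouldRefresh(cached, now, skew) {
  return !cached || cached.expiresAt - skew <= now;
}

// Accept only a 2xx response carrying a bearer token; return the cache entry to
// store, or throw with the error body (e.g. access_denied when the client is not
// authorized for the Resource Server) so the caller can log it.
function parseTokenResponse(status, body, now) {
  if (status < 200 || status >= 300) {
    throw new Error('token request failed: HTTP ' + status + ' ' + JSON.stringify(body));
  }
  if (!body || typeof body.access_token !== 'string' || body.token_type !== 'Bearer') {
    throw new Error('unexpected token response shape');
  }
  const lifetime = typeof body.expires_in === 'number' ? body.expires_in : 0;
  return { token: body.access_token, expiresAt: now + lifetime };
}

// postJson(url, body) -> Promise<{ status, body }> is an assumed transport; in
// production wrap fetch or the request library. clock() returns Unix seconds.
function makeTokenProvider(opts) {
  const { domain, audience, clientId, clientSecret, postJson } = opts;
  const clock = opts.clock || (() => Math.floor(Date.now() / 1000));
  const skew = opts.skew === undefined ? 60 : opts.skew;
  let cached = null;
  let requests = 0;   // how many real calls to /oauth/token were made

  async function getAccessToken() {
    if (!shouldRefresh(cached, clock(), skew)) return cached.token;
    const { status, body } = await postJson('https://' + domain + '/oauth/token', {
      audience: audience,
      grant_type: 'client_credentials',
      client_id: clientId,
      client_secret: clientSecret   // the secret goes in the POST body; the URL must be https
    });
    requests += 1;
    cached = parseTokenResponse(status, body, clock());
    return cached.token;
  }
  return { getAccessToken, requestCount: () => requests };
}

// Offline demo with a fake transport (constructed responses, not real Auth0 data).
async function demoClient() {
  let now = 1700000000;
  const fakePostJson = async (url, body) => ({
    status: 200,
    body: { access_token: 'tok-' + body.client_id + '-' + now, token_type: 'Bearer', expires_in: 3600 }
  });
  const provider = makeTokenProvider({
    domain: 'example-tenant.auth0.com', audience: 'https://api.example.com/',
    clientId: 'abc', clientSecret: 'not-a-real-secret',
    postJson: fakePostJson, clock: () => now
  });
  const first = await provider.getAccessToken();
  const second = await provider.getAccessToken();   // served from cache
  now += 3600;                                       // inside the refresh window now
  const third = await provider.getAccessToken();    // fetched again
  return { first, second, third, requests: provider.requestCount() };
}
```

The skew (60 seconds here) refreshes the token before it actually expires, so an API call made just after the check does not fail with 401 on a token that lapsed in transit. A non-2xx response is raised as an error with the body attached rather than silently returning undefined as a token.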