Auth0 API Client based on Deno

Auth0 Command Line Interface

This utility challenges the Resource Owner Password API of Auth0 with a standard username and password login.

⚠️ Development Only

This flow should only be used from highly-trusted applications that cannot do redirects. If you can use redirect-based flows from your app, we recommend using the Authorization Code Flow instead.

Requirements

DENO

This tools is targeted for Deno, see the official installation instructions for details.

Auth0 Regular Web Application

On the Auth0 management site, create an application based on a regular web application profile.

  • Enable Refresh Token Rotation (recommended)
  • Enable Refresh Token in GRANTS
  • Activate the needed Database Connections

Tenant Configuration

Create an .env file or export the following variables with the parameters from the Auth0 tenant.

# The API Audience URL of your tenant
AUTH_AUDIENCE=

# Properties of the Application
AUTH_CLIENT_ID=
AUTH_CLIENT_SECRET=

# The tenant domain (example.auth0.com)
AUTH_DOMAIN=

# Which database connection to use
AUTH_REALM=

# Your login credentials
AUTH_USERNAME=
AUTH_PASSWORD=

Note that environment variables have precedence over entries in .env file.

Installing

This utility requires the following permissions at runtime:

  • --allow-env the whole tenant configuration is passed by environment variables
  • --allow-net API calls need network access
  • --allow-read Load existing session files from ~/.auth0cli-<clientId>.json
  • --allow-write Save new session files to ~/.auth0cli-<clientId>.json
deno install -qf --allow-env --allow-net --allow-read --allow-write auth0cli.ts

Install directly from github:

deno install -qf --allow-env --allow-net --allow-read --allow-write https://raw.githubusercontent.com/sdescarries/auth0cli/v1.0.1/auth0cli.ts

Usage

> auth0cli login

Initiates a new session and challenges with the username and password. On success the result will be logged to console and the session JSON will be recorded into ~/.auth0cli-<clientId>.json

> auth0cli machine

Uses the client id and secret for a client grant challenge. This requires the application to be enabled for this flow in the API and usually has lower quotas allowed (1000/month for Auth0). See client grants for details.

> auth0cli refresh

Loads a cached session from ~/.auth0cli-<clientId>.json and initiates a refresh token challenge. On success the new tokens and updated expiration will logged to console and the session file will be updated.

Example output

{
  "accessToken": "eyJhbGciOiJSU...",
  "refreshToken": "v1.MaqSwVdfr...",
  "scope": "offline_access",
  "expiresIn": 86400,
  "tokenType": "Bearer",
  "expiresAt": "2020-11-09T19:34:46.246Z"
}

From this output, the accessToken and tokenType can be copied for instance to build an API request with an authorization header:

headers: {
  'Authorization': `${tokenType} ${accessToken}`
}

Testing

Make sure your environment is set and run the following:

deno test -A --unstable --coverage

Download Details:

Author: sdescarries

Source Code: https://github.com/sdescarries/auth0cli

#deno #nodejs #node #javascript

Auth0 API Client based on Deno
8.15 GEEK