This utility challenges the Resource Owner Password API of Auth0 with a standard username and password login.
This flow should only be used from highly-trusted applications that cannot do redirects. If you can use redirect-based flows from your app, we recommend using the Authorization Code Flow instead.
This tools is targeted for Deno, see the official installation instructions for details.
On the Auth0 management site, create an application based on a regular web application profile.
Create an .env
file or export the following variables with the parameters from the Auth0 tenant.
# The API Audience URL of your tenant
AUTH_AUDIENCE=
# Properties of the Application
AUTH_CLIENT_ID=
AUTH_CLIENT_SECRET=
# The tenant domain (example.auth0.com)
AUTH_DOMAIN=
# Which database connection to use
AUTH_REALM=
# Your login credentials
AUTH_USERNAME=
AUTH_PASSWORD=
Note that environment variables have precedence over entries in
.env
file.
This utility requires the following permissions at runtime:
--allow-env
the whole tenant configuration is passed by environment variables--allow-net
API calls need network access--allow-read
Load existing session files from ~/.auth0cli-<clientId>.json
--allow-write
Save new session files to ~/.auth0cli-<clientId>.json
deno install -qf --allow-env --allow-net --allow-read --allow-write auth0cli.ts
Install directly from github:
deno install -qf --allow-env --allow-net --allow-read --allow-write https://raw.githubusercontent.com/sdescarries/auth0cli/v1.0.1/auth0cli.ts
> auth0cli login
Initiates a new session and challenges with the username and password. On success the result will be logged to console and the session JSON will be recorded into ~/.auth0cli-<clientId>.json
> auth0cli machine
Uses the client id and secret for a client grant challenge. This requires the application to be enabled for this flow in the API and usually has lower quotas allowed (1000/month for Auth0). See client grants for details.
> auth0cli refresh
Loads a cached session from ~/.auth0cli-<clientId>.json
and initiates a refresh token challenge. On success the new tokens and updated expiration will logged to console and the session file will be updated.
{
"accessToken": "eyJhbGciOiJSU...",
"refreshToken": "v1.MaqSwVdfr...",
"scope": "offline_access",
"expiresIn": 86400,
"tokenType": "Bearer",
"expiresAt": "2020-11-09T19:34:46.246Z"
}
From this output, the accessToken
and tokenType
can be copied for instance to build an API request with an authorization header:
headers: {
'Authorization': `${tokenType} ${accessToken}`
}
Make sure your environment is set and run the following:
deno test -A --unstable --coverage
Author: sdescarries
Source Code: https://github.com/sdescarries/auth0cli
#deno #nodejs #node #javascript