Use Cases:
- Coarse Grained Authorization: Only members of group X can access application Y
- Fine Grained Authorization: Permissions and roles can be exposed to applications
- Helpdesk: Search for users, block users, unblock users, remove MFA, view user activity, ...
Supports:
- Heroku deployments
- Docker deployments
- Different storage providers:
  - S3
  - MongoDB
  - Simple JSON file
Todos:
- Use uuid as unique identifier for permissions/roles/groups
- Contextual groups/roles/permissions (only for application X)
- Assign permissions to roles
- Assign roles to groups
- Assign groups or roles to applications
- Calculate effective permissions for a user
- Calculate effective permissions for a role
- Calculate effective permissions for a group
- Calculate effective permissions for an application
- Push to Auth0 (1 big rule that contains authz/permissions/roles/groups)
- Secure all endpoints with permissions
- Export logs button
- Delete device credentials
- Impersonation + application configuration (SAML/WSFed/OIDC + scopes)
- Use Auth0 OAuth2-as-a-service
- Webtaskify
- Reset passwords
- Create users (with group memberships)
- "Session Expired" if JWT is expired or server returns not authenticated
- Handle login errors (eg: user blocked)
- Store permissions/roles/groups in the user profile also (in addition to having it in the token)
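The Todos above describe a chain of permissions assigned to roles, roles assigned to groups, groups assigned to applications, and effective permissions resolved per user, role, group or application. The following is an added example, not code from the auth0-authz extension, showing one way to resolve that chain over a simple JSON-style store. The store shape, the ids, the permission names and the `applicationId` field used for application-scoped ("contextual") permissions are all constructed for illustration; the extension's real schema is not documented on this page.

```javascript
// Added example, not code from the auth0-authz project. Resolves effective
// permissions through the permission -> role -> group -> user chain and applies
// the coarse-grained "only members of group X can access application Y" check.
// Every id, name and the store layout below is constructed for illustration.

// Constructed sample store, shaped like a simple JSON database file.
const sampleDb = {
  permissions: {
    'perm-1': { name: 'read:reports', applicationId: 'app-reports' },
    'perm-2': { name: 'write:reports', applicationId: 'app-reports' },
    'perm-3': { name: 'approve:invoices', applicationId: 'app-billing' }
  },
  roles: {
    'role-viewer': { name: 'Viewer', permissions: ['perm-1'] },
    'role-editor': { name: 'Editor', permissions: ['perm-1', 'perm-2'] },
    // 'perm-missing' models a permission that was deleted but still referenced.
    'role-approver': { name: 'Approver', permissions: ['perm-3', 'perm-missing'] }
  },
  groups: {
    'grp-staff': { name: 'Staff', roles: ['role-viewer'] },
    'grp-finance': { name: 'Finance', roles: ['role-editor', 'role-approver'] }
  },
  // Coarse-grained authorization: which groups may use which application at all.
  applications: {
    'app-reports': { groups: ['grp-staff', 'grp-finance'] },
    'app-billing': { groups: ['grp-finance'] }
  },
  users: {
    'auth0|alice': { groups: ['grp-staff'], roles: [] },
    'auth0|bob': { groups: ['grp-finance'], roles: ['role-viewer'] }
  }
};

// Effective permission ids for a role. Dangling references (permissions that
// no longer exist) are skipped instead of failing the whole lookup.
function permissionsForRole(db, roleId) {
  const role = db.roles[roleId];
  if (!role) return new Set();
  return new Set(role.permissions.filter(id => db.permissions[id]));
}

// Effective permission ids for a group: the union of its roles' permissions.
function permissionsForGroup(db, groupId) {
  const group = db.groups[groupId];
  const out = new Set();
  if (!group) return out;
  for (const roleId of group.roles) {
    for (const p of permissionsForRole(db, roleId)) out.add(p);
  }
  return out;
}

// Effective permission ids for an application: everything scoped to it.
function permissionsForApplication(db, applicationId) {
  return new Set(Object.keys(db.permissions)
    .filter(id => db.permissions[id].applicationId === applicationId));
}

// Effective permission names for a user: direct roles plus group roles,
// optionally restricted to the permissions that belong to one application.
function effectivePermissions(db, userId, applicationId) {
  const user = db.users[userId];
  if (!user) return [];
  const ids = new Set();
  for (const roleId of user.roles) {
    for (const p of permissionsForRole(db, roleId)) ids.add(p);
  }
  for (const groupId of user.groups) {
    for (const p of permissionsForGroup(db, groupId)) ids.add(p);
  }
  return [...ids]
    .filter(id => !applicationId || db.permissions[id].applicationId === applicationId)
    .map(id => db.permissions[id].name)
    .sort();
}

// Coarse-grained check: is the user in at least one group assigned to the app?
function canAccessApplication(db, userId, applicationId) {
  const user = db.users[userId];
  const app = db.applications[applicationId];
  if (!user || !app) return false;
  return user.groups.some(g => app.groups.includes(g));
}

// Fine-grained check an endpoint would make before serving a request:
// the user must be allowed into the application and hold the named permission.
function hasPermission(db, userId, applicationId, permissionName) {
  return canAccessApplication(db, userId, applicationId) &&
    effectivePermissions(db, userId, applicationId).includes(permissionName);
}
```

`hasPermission` deliberately requires both checks to pass: a permission reachable through some role is not enough if the user's groups were never assigned to the application, which keeps the coarse-grained and fine-grained use cases from contradicting each other.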
Configure your settings in /server/config.json or as environment variables:
- AUTH0_DOMAIN: Your Auth0 domain
- AUTH0_CLIENT_ID: The client_id of your application
- AUTH0_CLIENT_SECRET: The client_secret of your application
- AUTH0_APIV2_TOKEN: The API v2 token for interacting with API v2. Needs the following permissions: read:clients read:connections read:rules create:rules update:rules read:users update:users read:device_credentials read:logs
The permissions/roles/groups can be stored in a JSON database file with the following settings:
- JSONDB_PATH: Path to the database file, defaults to server/db.json
- DATA_PROVIDER: jsondb
The permissions/roles/groups can be stored in a MongoDB with the following settings:
- MONGODB_CONNECTION_STRING: mongodb://...
- DATA_PROVIDER: mongodb
The permissions/roles/groups can be stored in S3 with the following settings:
- AWS_S3_BUCKET: MY_BUCKET
- AWS_ACCESS_KEY_ID: MY_KEY
- AWS_SECRET_ACCESS_KEY: MY_SECRET_ACCESS_KEY
Client:
nvm use 4
npm install
npm run client:dev
Server:
nvm use 4
npm install
npm run server:dev
Client:
nvm use 4
npm install
npm run client:build
Server:
nvm use 4
npm install
npm run server:prod
Building:
docker build -t auth0/auth0-authz .
Start interactive:
docker rm auth0-authz
docker run -it --name "auth0-authz" -p 5000:3000 auth0/auth0-authz
Start in the background:
docker run -d --name "auth0-authz" -p 5000:3000 auth0/auth0-authz