auth0/node-auth0

v4 Beta

adamjmcgrath opened this issue · 20 comments

The node-auth0 v4 Beta is now live

Including:

  • Rewritten from the ground up in TypeScript
  • Types for methods, request parameters, bodies, errors and responses
  • Customisable modern networking stack

Install

npm install auth0@beta

Docs

ManagementClient: https://auth0.github.io/node-auth0/beta/classes/management.ManagementClient.html
AuthenticationClient: https://auth0.github.io/node-auth0/beta/classes/auth.AuthenticationClient.html

Sourcecode

/auth0/node-auth0/tree/beta

We invite you to try it out, if you notice any problems with it - please raise an issue.

We expect a beta period of up to a quarter while we iron out any inaccuracies in the types, we will keep you informed of our progress in this thread.

Folks, the dist output doesn't match package.json. See https://github.com/auth0/node-auth0/blob/beta/package.json#L12 and https://unpkg.com/browse/auth0@4.0.0-beta.1/dist/

So TS types are not going to work out of the box. Is anyone testing this before publishing? Not a great look.

Thanks for the feedback @shellscape - this should be resolved in 4.0.0-beta.2

Hi, I'm using custom grant call and despite already passing the client_secret in the constructor for the AuthenticationClient, it's not passed if not included in the body, unlike the client_id, is this by design? As an end-user, not happy about having to repeat myself here.

body: new URLSearchParams({
client_id: this.clientId,
...bodyParameters,
grant_type: grantType,
}),

Hey @nextlevelbeard ,

That's by design, as not all grants require a secret. So even though you have configured a secret, you might want to call a grant without a secret.

However, that does raise the question if supporting grants without a client_secret is something this SDK should do or not. /cc @adamjmcgrath as I remember us talking about it, what do you think?

If we don't, we could consider adding the secret in the grant method as well.

@nextlevelbeard - since all grants that auth0 supports should be covered in the authentication client, there shouldn't be any reason to use the custom grant call (we only expose it so we can re-use it in the Passwordless client)

Could you share your use case for using the custom grant method?

Hi @adamjmcgrath @frederikprijck

I'm currently doing end-to-end test automation for an SPA with Node 18, TypeScript and webdriverIO.

Our backend integrates with auth0. We have configured an SPA Application with a database connection (named for example FOO).

We also configured a separate Machine to Machine application for Test Automation purposes (called Test Automation) that is authorized to talk to both the Management API and our custom API, with limited permissions.

During the tests I am creating users (on our API that talks to auth0 behind the curtain) and logging them in through a custom grant call with a custom realm, it simplifies and speeds up the authentication process with a single call containing the user credentials. This is solely for our development environment and test automation purposes, easy and simple authentication flow.

AFAIK the custom grant type is the only way to authenticate against a database connection (please confirm!)

import * as auth0 from 'auth0';

const authClient = new auth0.AuthenticationClient({
  domain: "REDACTED",
  clientId: "REDACTED",
  clientSecret: "REDACTED"
})

const response = await authClient
  .oauth
  .grant("http://auth0.com/oauth/grant-type/password-realm", {
    // aka The name of our Database Connection
    realm: "FOO",
    // The original issue, shouldn't be needed, auth client should already have this
    client_secret: "REDACTED",
    audience: "REDACTED",
    username: "REDACTED",
    password: "REDACTED"
})

// Take this token, update our API client, etc
const token = response!.data.access_token

@nextlevelbeard , you should be able to use passwordGrant, see https://github.com/auth0/node-auth0/blob/beta/src/auth/oauth.ts#L349.

import * as auth0 from 'auth0';

const authClient = new auth0.AuthenticationClient({
  domain: "REDACTED",
  clientId: "REDACTED",
  clientSecret: "REDACTED"
})

const response = await authClient
  .oauth
  .passwordGrant({
    // aka The name of our Database Connection
    realm: "FOO",
    audience: "REDACTED",
    username: "REDACTED",
    password: "REDACTED"
})

As you can see in the source code, if you set the realm, it uses the "http://auth0.com/oauth/grant-type/password-realm" grant.
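
An added example, not part of the thread or the SDK source, modelling the two token request bodies discussed above: the custom grant body (only `client_id` is filled in from the client) and a password grant that switches to the password-realm grant when `realm` is set. The helper names and sample values are constructed, and it is an assumption, inferred from the second snippet above, that `passwordGrant` supplies the secret from the client configuration. `redactForLog` shows how to keep `client_secret` and `password` out of test-automation logs.

```javascript
const PASSWORD_REALM = 'http://auth0.com/oauth/grant-type/password-realm';

// Same shape as the body construction quoted earlier in the thread:
// client_id first, caller parameters next, grant_type last.
// Consequence of the spread order: a caller-supplied client_id wins,
// a caller-supplied grant_type is overwritten, and client_secret is
// only present if the caller passes it.
function buildGrantBody(clientId, grantType, bodyParameters) {
  return new URLSearchParams({
    client_id: clientId,
    ...bodyParameters,
    grant_type: grantType,
  });
}

// Hypothetical model of passwordGrant (assumption, not SDK code):
// realm present -> password-realm grant, otherwise the plain password grant;
// the secret comes from the client configuration when one is set.
function buildPasswordGrantBody(config, { realm, ...rest }) {
  const grantType = realm ? PASSWORD_REALM : 'password';
  const params = { ...rest };
  if (realm) params.realm = realm;
  if (config.clientSecret) params.client_secret = config.clientSecret;
  return buildGrantBody(config.clientId, grantType, params);
}

// Copy of the body that is safe to write to a test log.
function redactForLog(body) {
  const sensitive = new Set(['client_secret', 'password']);
  const out = {};
  for (const [key, value] of body) {
    out[key] = sensitive.has(key) ? '[redacted]' : value;
  }
  return out;
}

// Constructed sample values, not real credentials.
const config = { clientId: 'test-automation-client', clientSecret: 'constructed-secret' };
const user = { realm: 'FOO', audience: 'https://api.example.test', username: 'e2e-user', password: 'constructed-pw' };

console.log(redactForLog(buildGrantBody(config.clientId, PASSWORD_REALM, user)));
console.log(redactForLog(buildPasswordGrantBody(config, user)));
```
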

I tried with success, thank you.
I had previously tried and failed with password grant, without specifying realm and google led me to the custom grant call.

Hey! Beta doc links seem to be broken for me

Sibz commented

Still no docs...

Is there a verifyEmail function to resend the verification email?
https://auth0.github.io/node-auth0/ManagementClient.html#sendEmailVerification

@adamjmcgrath Seems that the beta docs page is down again returning a 404, thanks.

Thanks, opened #920 to fix that

Merged, deployed and fixed. Beta docs are up again. Sorry about that, thanks for reporting.

GauBen commented

Hey there, is there an ETA for the stable release? The unofficial type support is really painful DefinitelyTyped/DefinitelyTyped#66393 and having an official type support is a blessing

I can't find a v3 to v4 migration guide, is there one yet?

You can find the current migration guide here: https://github.com/auth0/node-auth0/blob/beta/v4_MIGRATION_GUIDE.md

This may still be subject to changes.

Regarding ETA, we are working towards getting a stable release as soon as possible.

GauBen commented

Thank you @frederikprijck! The API looks much more consistent now and the "no unnecessary dependency" policy is really appealing, looking forward to upgrading to v4

I'm testing this using Express and I get this error:

ReferenceError: fetch is not defined
    at new BaseAPI (/Users/user/guidedlabs/spps-usermanagement-service/node_modules/auth0/src/lib/runtime.ts:34:44)
    at new BaseAuthAPI (/Users/user/guidedlabs/spps-usermanagement-service/node_modules/auth0/src/auth/base-auth-api.ts:97:5)
    at new Database (/Users/user/guidedlabs/spps-usermanagement-service/node_modules/auth0/src/auth/database.ts:120:1)
    at new AuthenticationClient (/Users/user/guidedlabs/spps-usermanagement-service/node_modules/auth0/src/auth/index.ts:18:21)
    at new TokenProvider (/Users/user/guidedlabs/spps-usermanagement-service/node_modules/auth0/src/management/token-provider.ts:23:33)
    at new TokenProviderMiddleware (/Users/user/guidedlabs/spps-usermanagement-service/node_modules/auth0/src/management/token-provider-middleware.ts:20:28)
    at new ManagementClient (/Users/user/guidedlabs/spps-usermanagement-service/node_modules/auth0/src/management/management-client.ts:73:9)
    at Object.<anonymous> (/Users/user/guidedlabs/spps-usermanagement-service/src/routes/users.ts:7:15)
    at Module._compile (node:internal/modules/cjs/loader:1198:14)
    at Module.m._compile (/Users/user/guidedlabs/spps-usermanagement-service/node_modules/ts-node/src/index.ts:1618:23)

Any thoughts?

@iyinolu What version of node are you using? We only support Node18 and above with Node 16 going EOL tomorrow (12th September).

v4 has now been shipped https://github.com/auth0/node-auth0/releases/tag/v4.0.0 🎉

If you notice any problems with the latest release, please raise a new issue