JSPM

  • Downloads 240
  • License Apache-2.0

A collection of AWS CDK constructs to manage your Auth0 resources programmatically

    Readme

    This collection of CDK constructs allows you to manage your Auth0 resources programmatically, enabling tighter integration with CDK and giving you all the benefits of infrastructure as code together with Auth0's large feature set.

    The constructs provided by this library work in the same way any native AWS CDK constructs do, and expose all of the parameters that the Auth0 Management API exposes.

    Usage

    Installation

    The package is available on NPM and can be installed using your package manager of choice:

    npm i @flit/cdk-auth0
    pnpm add @flit/cdk-auth0
    yarn add @flit/cdk-auth0

    Setup

    To get started, manually create a Machine to Machine Application in your Auth0 account and authorize it for all permissions of the Auth0 Management API. This is necessary to allow the constructs to interact with the Auth0 API and create and manage resources on your behalf.

    Once you have created the Machine to Machine Application, go into AWS Secrets Manager and create a new secret containing the application's credentials in the following format:

    {
        "domain": "...",
        "clientId": "...",
        "clientSecret": "..."
    }

    All constructs require this secret to be passed as the apiSecret parameter.
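A pre-deploy check of the secret payload against the format above, reporting problems by field name only so credential values never reach logs. This is an added example, not code from @flit/cdk-auth0; checkAuth0Secret, SecretCheck and the sample values are hypothetical, and treating extra keys as a problem is an assumption made here to catch misspelled key names.

```typescript
// Added example, not part of @flit/cdk-auth0. The key names come from the
// secret format shown above; every other name here is hypothetical.
const REQUIRED_KEYS = ["domain", "clientId", "clientSecret"] as const;

interface SecretCheck {
  ok: boolean;
  problems: string[]; // names fields only, never their values
}

function checkAuth0Secret(secretString: string): SecretCheck {
  const problems: string[] = [];
  let parsed: unknown;
  try {
    parsed = JSON.parse(secretString);
  } catch {
    // Do not echo the parser message: it can quote part of the input.
    return { ok: false, problems: ["secret is not valid JSON"] };
  }
  if (typeof parsed !== "object" || parsed === null || Array.isArray(parsed)) {
    return { ok: false, problems: ["secret must be a JSON object"] };
  }
  const obj = parsed as Record<string, unknown>;
  for (const key of REQUIRED_KEYS) {
    const value = obj[key];
    if (typeof value !== "string") {
      problems.push(`${key}: missing or not a string`);
    } else if (value.trim() === "" || value === "...") {
      problems.push(`${key}: empty or still the "..." placeholder`);
    } else if (value !== value.trim()) {
      problems.push(`${key}: leading or trailing whitespace`);
    }
  }
  for (const key of Object.keys(obj)) {
    // Assumption: extra keys are flagged to catch typos such as "clientID".
    if ((REQUIRED_KEYS as readonly string[]).indexOf(key) === -1) {
      problems.push(`${key}: unexpected key`);
    }
  }
  return { ok: problems.length === 0, problems };
}

// Constructed sample values, not real credentials.
const good = JSON.stringify({ domain: "example-tenant.example.com",
  clientId: "constructed-client-id", clientSecret: "constructed-client-secret" });
const bad = JSON.stringify({ domain: "...", clientID: "x", clientSecret: " s3cret " });
console.log(checkAuth0Secret(good).ok, checkAuth0Secret(bad).problems);
```

Run it against the secret string before deploying the stack, and fail the pipeline when ok is false.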

    Example

    You can now use the Auth0 constructs as you would any native AWS CDK constructs. The example below shows how to create an Auth0 API and Application, grant the Application access to the API and add an action to the post-login trigger:

    import { Duration, Stack, StackProps } from "aws-cdk-lib";
    import { Construct } from "constructs";
    import { Secret } from "aws-cdk-lib/aws-secretsmanager";
    import {
        ResourceServer,
        Client,
        ClientGrant,
        Trigger,
        Action,
    } from "@flit/cdk-auth0";
    
    export class ExampleStack extends Stack {
        constructor(scope: Construct, id: string, props: StackProps) {
            super(scope, id, props);
    
            const auth0Secret = Secret.fromSecretNameV2(
                this,
                "Secret",
                "YourSecretName",
            );
    
            const resourceServer = new ResourceServer(this, "ResourceServer", {
                apiSecret: auth0Secret,
                enforcePolicies: true,
                allowOfflineAccess: true,
            });
    
            const webClient = new Client(this, "WebClient", {
                apiSecret: auth0Secret,
                appType: "regular_web",
                isFirstParty: true,
                tokenEndpointAuthMethod: "client_secret_basic",
                initiateLoginUri: "https://test.com/auth",
                callbacks: ["https://test.com/auth/callback"],
                allowedLogoutUrls: ["https://test.com"],
                oidcConformant: true,
                refreshToken: {
                    rotationType: "rotating",
                    expirationType: "expiring",
                    tokenLifetime: Duration.days(7),
                    idleTokenLifetime: Duration.days(1),
                },
                grantTypes: ["implicit", "authorization_code", "refresh_token"],
            });
    
            new ClientGrant(this, "ClientGrant", {
                apiSecret: auth0Secret,
                client: webClient,
                audience: resourceServer,
                scope: [],
            });
    
            new Trigger(this, "Auth0PostLoginTrigger", {
                apiSecret: auth0Secret,
                id: "post-login",
                actions: [
                    new Action(this, "Auth0AugmentClaimAction", {
                        apiSecret: auth0Secret,
                        supportedTriggers: [{ id: "post-login", version: "v3" }],
                        code: `
                exports.onExecutePostLogin = async (event, api) => {
                  api.idToken.setCustomClaim("example", "test123");
                  api.accessToken.setCustomClaim("example", "test123");
                }
              `,
                    }),
                ],
            });
        }
    }