I’m using the react auth0 provider to get an Auth0 token.
I’m taking this TOKEN and passing it via url param (as a test for now, eventually it would be a header) and try to decode it using jsonwebtoken verify function
The token is not getting verified.
This is my code (I’m setting type = “webpack” in my wrangler.toml so I can import modules):
Hi @dan.woda, FYI the provided solution above doesn’t actually work in Cloudflare Workers - but at no fault of Auth0. The node-jsonwebtoken and jwks-rsa packages require nodejs builtins and globals. Cloudflare Workers is nodejs “like”, but not actually full nodejs apis. They do offer the ability to turn on a compatibility mode which uses https://github.com/ionic-team/rollup-plugin-node-polyfills/ to emulate all the nodejs stuff. But sadly it still fails with the jwks-rsa package.
The most obvious dependency here is using the nodejs http and https libraries to make requests instead of the fetch api which are now standardized in all browsers and nodejs >=17.5. The same would apply to the nodejs crypto module vs browser JS crypto APIs.
Also FYI, Cloudflare removed their Workers+Auth0 blog post/sample this year due to a security flaw (I think it was not validating the JWT after it was returned from authorization server). So there is no good samples available today for CloudFlare+Auth0.
Ideally, the auth0 packages would be updated to have the option of using browser native APIs for http requests and crypto. But I realize that may not be a quick/easy task.