Something that I am looking to do is to simplify this tutorial:
I am thinking about not requiring the use of the client or to provide the client code for people to clone and try on their own. The current dashboard is a specialized app because it has a “demo launcher” module that it’s not helpful or relevant for our readers and customers. It also uses RxJS with React which may not be a popular combination
I also think that Passport is absolutely not needed for this application. I think the best course of action is to replace it with a simpler middleware function. We are coming up with new guidance on how to add authentication to Node.js web apps, which will include Express and NestJS That’s a reason why we have not yet updated this tutorial.
I actually think the hosted client is a splendid idea, because I don’t have to take those extra steps of cloning and setting up, it’s ready to go. I don’t think it really add/removes anything from the tutorial the combination of stacks you decide to use behind the scenes.
I’d admit the Passport strategy is a bit involved, but your instructions are clear and straight to the point.
Questions that I’ve been pondering also though, is say I decide to use Auth0 for my auth(z) needs:
How do I ensure I don’t see the Auth0 authentication interface, but use a custom version?
Is it accurate to say RBAC is only a paid feature? Will I only have access to this feature when I pay for the tier above the free plan?
Thank you! That’s great to hear. I was hesitant at first about including a live demo app, but I figured it was much easier than having to clone a repo and running and setting up yet another app locally.
The middleware solution is so much easier that I feel like… Why didn’t I go that route from the get go? But thank you for the feedback that instructions are clear
I am currently in the planning stage of a blog post that would cover how to customize the Auth0 Login Page.
Is it accurate to say RBAC is only a paid feature? Will I only have access to this feature when I pay for the tier above the free plan?
Let me research more in-depth the answer to this one
I’ll also check your repo on Monday on a fresh system and see what I can come up with
Looking forward to the article! Thanks for the responses again.
I should also mention, I tried to console log from within the JwtStrategy.validate method, and nothing was logged. My guess is that even after registering the strategy within the authz module, it’s still not being picked up.
Mentioning in case you might have immediate ideas as to what the issue is.
PS: Also, I know it’s a bit of a stretch ask, but I’m also available for a Zoom call, if you’re up for live debugging
EDIT: Cloned your repo, fixed in the env variables, and I still get the 401 response.
@kesiena.akp and @nickhodges I run the last chapter in an Ubuntu VM, started from that chapter cloning the repo and checking out the branch. I was able to get it running. However, I did notice that after you set up the guards, you indeed may get that 401 error. I believe the token needs to be refreshed, so I refreshed the WAB Dashboard app by reloading the page and it worked right away. Could you please try that out?
I did ask one of my teammates to run the tutorial on this own (someone who has not run this tutorial before) and see if he gets the same blocker as both of you had. I’ll share his feedback once he’s done.
Thank you for your time and for reporting this issue
Cleared my cache, restarted my server, logged out and re-logged in as an admin. I can still see the admin options available, however I still get a 401 when I try to edit or add a new item.
I inspected the JWT to see if it had indeed expired, but it still has roughly 24 hrs to live.
Looking forward to feedback from your colleague.
Two of my teammates are looking into this. Will have more feedback on it tomorrow. I don’t know what I am doing wrong to get it right Two of them did confirm the 401 error though, so we are on it
This value should be actually called AUTH0_ISSUER_URL, it was a mistake on my part to name it AUTH0_DOMAIN as it can be confused with the value that you can copy from the Auth0 Application page where you set up your demo client.
I apologize for this But thank you for bringing this up so I could correct the language. Let me know if this fixes your issue, please.
Gotcha, Nick. Could you please clone the repo here, master branch:
And add your .env file to the cloned repo following the following format:
PORT=7000
AUTH0_DOMAIN=
AUTH0_AUDIENCE=
AUTH0_DOMAIN would be the AUTH0_DOMAIN=https://<your-auth0-tenant-name>.auth0.com/ value and AUTH0_AUDIENCE the value of the Identifier in your API settings.
Once you have that cloned project running, use the demo client on a private browser tab (or Incognito in Chrome), set the Client ID and Domain from the Auth0 Application Settings, and then log in as admin. Do you still get the same error?
Glad to hear! Part of the steps in the last chapter (Managing Roles) is to create an admin user through the Auth0 Dashboard. That user gets assigned the menu-admin role. Signing in as that user should then unlock the admin features of the demo UI.
Okay, I think I followed the tutorial to the letter. I didn’t change the code at all. I got the “basics” working, but for the life of me, I can’t get the “Add Item” link to appear.
That’s a reason why we have not yet updated this tutorial.
Why didn’t I go that route from the get go? But thank you for the feedback that instructions are clear 
I am looking into this. It’s strange. I should have a response by end of week 
Two of them did confirm the