I have the following that works…
router.get("/login", passport.authenticate("auth0-oidc"));
router.get("/user",
ensureLogin.ensureLoggedIn("/login"),
function(req, res) {
res.send("working");
});
router.get("/callback",
passport.authenticate("auth0-oidc"), function(req, res) {
res.redirect("/user");
},
);
Now I would like to be able to access the user resource with an Authorization header. How would I configure that? I can get the access token so just need to know how to pass it to the protected url using the header.
I tried using the JWT along side like…
const config = {
secretOrKeyProvider: passportJwtSecret({
cache: true,
rateLimit: true,
jwksRequestsPerMinute: 5,
jwksUri: `${process.env.ISSUER_BASE_URL}/.well-known/jwks.json`,
}),
jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
algorithms: ["RS256"],
clientId: process.env.CLIENT_ID,
clientSecret: process.env.SECRET,
issuer: process.env.ISSUER_BASE_URL,
};
passport.use(new JwtStrategy(config, function(jwt_payload, done) {
done(jwt_payload);
}));
router.get("/callback",
passport.authenticate(["jwt", "auth0-oidc"], {
scope: "openid email profile",
}), function(req, res) {
res.redirect("/user");
},
);
This works for the login but, when I include the header, auth still redirects me to login.