Secure serverless ZEIT API with Auth0 JWT Bearer Token

Hello,

I am stuck on securing an API built with serverless Node functions using Zeit Now (Serverless Function Runtimes – Vercel Docs)

I have already implemented authentication in a React front end but now I wanna make sure that the api routes are protected so that when a user logs into the Single Page App, he gets a bearer token that lets him query only his data.

I imagine I have to

1- get the bearer token from React (not sure how since the react-auth0-wrapper.js does not seem to have it…)
2- create an API in auth0 dashboard, then import the jsonwebtoken npm library in my serverless functions. (?)

I saw that most of the tutorials you have cover ExpressJS in a server environment, so not sure how to approach this with nodeJS serverless functions.

Thank you so much.

2 Likes

Ok, made some progress.

1- I was able to get the jwt token from react-auth0-wrapper.js ! I will send that to the API as a bearer token.

So now I need to implement the serverless API that can parse and verify the token. Any suggestion with that one in a NodeJS but no express environment?

Thanks again.

1 Like

Pretty disappointed by the lack of community help. Not sure why this topic is being ignored and why auth0 has no support staff available to help us.

In the end I parsed and successfully verified the token with jsonwebtoken.

So I solved my problem of authorizing a request from frontend to API, now I know how to check for unauthenticated request.

Additionally I wanted to ask what are the more appropriate things to do with the verified token content. Should I use the user ID auth0|6j9rfd823... with the Auth0 API to fetch more data about the user?

1 Like
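An added example, not code from any poster in this thread, of the check described above: verifying an RS256 bearer token inside a plain `(req, res)` Node function with no Express. It uses Node's built-in `crypto` instead of the `jsonwebtoken` library mentioned above so that it runs without dependencies; the function names, the issuer and audience values and the throwaway key pair are assumptions, and in a deployment the public key would come from the tenant's JWKS endpoint.

```javascript
const crypto = require('node:crypto');
const b64urlJson = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));

// Returns the verified claims or throws. `publicKey` is the tenant's signing key.
function verifyAccessToken(token, publicKey, { issuer, audience, now = Date.now() / 1000 }) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  // Pin the algorithm: the token header must never choose it ("none", HS256 confusion).
  if (b64urlJson(h).alg !== 'RS256') throw new Error('unexpected alg');
  const sig = Buffer.from(s, 'base64url');
  if (!crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), publicKey, sig)) {
    throw new Error('bad signature');
  }
  const claims = b64urlJson(p); // only read claims after the signature checks out
  if (claims.iss !== issuer) throw new Error('wrong issuer');
  // `aud` may be a single string or an array of audiences.
  if (![].concat(claims.aud).includes(audience)) throw new Error('wrong audience');
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('token expired');
  return claims;
}

// Handler in the (req, res) shape of a Node serverless function (hypothetical config object).
function makeHandler(config) {
  return (req, res) => {
    const m = /^Bearer (.+)$/.exec(req.headers.authorization || '');
    try {
      if (!m) throw new Error('missing bearer token');
      const claims = verifyAccessToken(m[1], config.publicKey, config);
      // Scope data access to the verified subject, never to an id sent by the client.
      res.statusCode = 200;
      res.end(JSON.stringify({ user: claims.sub }));
    } catch (err) {
      res.statusCode = 401; // one generic answer for every failure reason
      res.end(JSON.stringify({ error: 'unauthorized' }));
    }
  };
}

// Constructed sample data: a throwaway key pair stands in for the tenant's signing key.
function signSample(claims, privateKey, header = { alg: 'RS256', typ: 'JWT' }) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  const input = `${enc(header)}.${enc(claims)}`;
  return `${input}.${crypto.sign('RSA-SHA256', Buffer.from(input), privateKey).toString('base64url')}`;
}
const demoKeys = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const demoCfg = { publicKey: demoKeys.publicKey, issuer: 'https://tenant.example/', audience: 'https://api.example/' };
const demoClaims = { iss: demoCfg.issuer, aud: [demoCfg.audience], sub: 'auth0|constructed-user', exp: Math.floor(Date.now() / 1000) + 300 };
const demoToken = signSample(demoClaims, demoKeys.privateKey);
console.log(verifyAccessToken(demoToken, demoKeys.publicKey, demoCfg).sub);
```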

what an AMAZING and HELPFUL community! wow! Impressed by the number of replies that I received. ahahah

Any of the auth0 staff that saw this and didn’t reply: congratulations for the lack of support I experienced here.

1 Like

Again, the most helpful community in the entire internet :joy::joy::joy::joy::joy:

1 Like

How did you do it? Can you share the code please :)?

I’m sure banalytics will write up a guide here any moment now just to be an example to the community!

Hi, we were struggling with this issue also, any news here? Just interested in different ways this can be solved.

oh wow guys! Just saw this now, fuuu I should have written a guide for real! sorryy!! ahah! I’m super crazy busy this period but I see if I can do something ok?