Serverless with Auth0

nmck · October 2, 2019, 1:14am

Hello,

I am currently exploring the options to authorize an API that is run on Serverless.

I am still quite new to Serverless and I am accustomed to checking user permissions with middleware using express.

router.get("protectedRoute", checkJwt, permissions.check(["get: protected_route"]), async (req, res) => {}

I am having trouble finding good examples of doing something similar with Serverless and auth0. Ideally I want to specify what permissions are required for a route and attach the user object to the request like I would in express.

I managed to set up a custom authorizer that reads the authentication header token but I cannot check permissions or attach the user to the event this way.

Any help in the right direction would be appreciated.

dan.woda · October 2, 2019, 10:31pm

Hi @nmck,

Can you clarify; are you not seeing the permissions and user in the token? Is that the problem?

If so you can use the sub claim to find the user id and permissions should be registered in the API in the auth0 dashboard then found in the token.

If this is not the case can you give some more context.

Hope this helps!

Thanks,
Dan