Auth0_jwks - I made an Auth0 plug so you don't have to!

Hey all,

I spent a good part of today battling with Auth0’s awkward documentation and muddy concepts trying to figure out how I can turn an access token from my web client into actionable user data on my API.

As a result I created a small plug to help the community avoid the pitfall I ran into trying to get this running. I hope you enjoy!

P.S. I’ll put out a tutorial around this in a week or so.

9 Likes

Welcome to the forum - and thanks for the contribution to the community :heart:

Quick notes

Do you need to handle bearer not Bearer?

Note that “Bearer” is now case sensitive. Per the original HTTP spec, the auth scheme is case insensitive (https://tools.ietf.org/html/rfc2617#section-1.2); however, “Basic” and “Bearer” are exceptions (see https://tools.ietf.org/html/rfc6750#section-2.1).

In my case, I usually just accept the good request (Bearer) - then you can simplify this by pattern matching on the string - `"Bearer " <> token = header`

4 Likes
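The two approaches discussed in this thread, side by side, as an added example that is not code from auth0_jwks or from either poster: a strict pattern match on `"Bearer "` and a case-insensitive variant. The module name `BearerHeader`, its function names and the error atom are hypothetical, and the input is assumed to be the list of values that `Plug.Conn.get_req_header(conn, "authorization")` returns.

```elixir
# Added illustration; BearerHeader and everything in it are hypothetical names.
defmodule BearerHeader do
  @error {:error, :invalid_authorization_header}

  # Strict form: exactly one Authorization header whose value starts with
  # the literal "Bearer " (capital B, one space). Anything else is rejected.
  def strict(["Bearer " <> token]), do: validate(token)
  def strict(_values), do: @error

  # Lenient form: the scheme is compared case-insensitively, so "bearer"
  # and "BEARER" are accepted as well.
  def lenient([value]) do
    with [scheme, token] <- String.split(value, " ", parts: 2),
         "bearer" <- String.downcase(scheme) do
      validate(token)
    else
      _ -> @error
    end
  end

  def lenient(_values), do: @error

  # Both forms reject an empty token and a token containing whitespace,
  # so "Bearer " and "Bearer a b" never reach JWT verification.
  defp validate(token) do
    if token != "" and not String.match?(token, ~r/\s/) do
      {:ok, token}
    else
      @error
    end
  end
end

# Constructed sample inputs: each is a list of Authorization header values.
samples = [
  ["Bearer abc.def.ghi"],
  ["bearer abc.def.ghi"],
  ["Bearer "],
  ["Basic dXNlcjpwYXNz"],
  [],
  ["Bearer abc.def.ghi", "Bearer xyz.uvw.rst"]
]

for values <- samples do
  IO.inspect({values, BearerHeader.strict(values), BearerHeader.lenient(values)})
end
```

Matching on a one-element list means a request with no Authorization header, or with more than one, is rejected by both forms rather than silently using the first value.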

Good point @chulkilee! It would simplify the code for sure. I just generally didn’t want to trip up a beginner to JWTs on Bearer vs bearer so I made it not matter. :sweat_smile: Who knows if it will help someone out but I hope so.

Very nice :+1: thank you for putting this together. I’ve done something nearly identical in the past and never gotten around to polishing it up for general reuse so I’m sure this will be useful for me in the future.

Still excited about the tutorial! But the readme looks pretty informative - bravo!