Seamless store and refresh Auth0 tokens that can be automatically injected into requests, depending on configured urls/methods.
It will add a Authorization header to the requests that match your configuration.
The value of the header is the options set for auth0AuthType (e.g Bearer) follow by the existing Auth0 token for that url.
How long the tokens will be valid depends on the Refresh Token Expiration defined for each application, but it is usually 30 days.
Get if from the Insomnia plugin store or install it manually:
- Clone the repository:
git clone https://github.com/maatthc/insomnia-plugin-auth0
- Install dependencies:
yarn
- Build the plugin:
yarn build
- Install:
yarn local
The domain, clientId, audience and scope defined for your application on Auth0 are required: these are usually publicly available .
Callback and Logout Urls settings on Auth0 are required to include localhost on some port.
The cacheLocation is set to 'localstorage' and useRefreshTokens is set to true: these are not configurable at the moment.
For login, the method loginWithRedirect() is used and for logout() for logout.
Both methods isAuthenticated() and getTokenSilently() are used to confirm if the user is logged in.
Callback and Logout Urls are supported by a HTTP server running within Insomnia.
The server runs on port 3000 by default and is important for the authentication flow.
The port is configurable and most match your application configuration on Auth0.
You can safely shut down the server after login/logout in case the port is required by other service - for this use the "Auth0 Server Shutdown" option on the Workspace Actions.
For the requests that match the following cases, the Authorization Header will not include:
- The request Body includes 'IntrospectionQuery'.
- The request Header 'Authorization' already exists.
You should define one or more Auth0 instances and what URLs and methods the instance's token should be used.
The configuration should be set as a environment variable called auth0Instances in your Insomnia environment.
- auth0HttpServerPort: The tcp port to be used by the internal HTTP server. Default: 3000.
- urlRegexs: Array of Regex used to match the Auth0 instance with the request's URL.
- auth0AuthType: The string that prefix the authentication token (e.g Basic). Default: Bearer.
- domain, clientId, audience and scope: As defined in your application setting on Auth0.
If the plugin identifies changes in the configuration during a session, it will re-initializing the Auth0 instances to avoid unexpected behaviour.
That means that all authenticated instances will be logged out. To avoid this, restart Insomnia as soon as you make changes.
{
"auth0Instances": [
{
"urlRegexs": ["dev.test.com"],
"urlMethods": ["POST"],
"auth0AuthType": "Bearer",
"domain": "https://auth-dev.test.com",
"clientId": "clientIdDev",
"authorizationParams": {
"audience": "https://api.dev.test.com/gateway/graphql",
"scope": "openid profile email offline_access"
}
},
{
"urlRegexs": ["nonprod.test.com"],
"urlMethods": ["GET"],
"auth0AuthType": "Bearer",
"domain": "https://auth-nonprod.test.com",
"clientId": "clientIdNonProd",
"authorizationParams": {
"audience": "https://api.nonprod.test.com/gateway/graphql",
"scope": "openid profile email offline_access"
}
}
],
"auth0HttpServerPort": 3000
}
- Set up Github Actions