Auth0 and Hono
I am building an SPA in Angular to run on Cloudflare with Hono as the back end. I'm trying to add some third-party user authentication so I don't have to do it myself, and as this is a small project, Auth0 seems fine. The front-end part of Angular+Auth0 is working; however, I cannot get the back-end to work. I've tried both the auth-js middleware with an Auth0 provider, as well as just using the OIDC middleware and the jwt middleware.
The auth-js just rejects the token (I have verified that the token was being sent), while the OIDC gives me a CORS error. I have no idea which of these is even close to working. I am also okay just switching to something else as long as it's simple to implement in Angular (better-auth has no Angular support nor could I find any easy examples). I'm not terribly knowledgeable about this sort of thing, so I apologize if I get terminology wrong. Is there a good example of how to implement either the OIDC middleware or the auth-js middleware? Auth0 has an Express example doing something with JWT, but I think it's the same as the JWT in Hono.
2 Replies
That sounds like an Auth0 configuration issue. Have you tried setting up a stub API and implementing a view within your webapp? It would at least show you where the issue is.
So I can validate against the Auth0 API in my app itself, but I cannot figure out how to validate on the backend. Let me ask this question: What exactly is required to validate on the backend? Do I just need to validate the token against some static data, or do I need to have the backend also talk to Auth0 to get some info separately?
But I'm trying to do a most basic level of "Okay, I want to protect this section" with a single call once I've signed into Auth0 and gotten that loaded into my Angular page, and I just keep getting 401 errors. I am open to suggestions as to what I can do to debug this further. I'm running this all via wrangler.
I have, in the past, done a JWT-based authentication thing and hated it and didn't want to do it again since I wanted to take this project more seriously.
So I think I am having some? luck with the hono/oidc-auth. What I'm trying to figure out is how do I validate my JWT bearer token using this library so that I can understand which user is trying to access information on my backend. It looks like getAuth() should do that, but I'm getting null back despite whatever the bearer token is (and I think I've configured the backend)?
Also, what, exactly, does the oidcAuthMiddleware do? Is it supposed to handle both this sort of JWT token verification as well as maintaining a valid token? Is it just a way to handle the tokens?
For anyone coming up behind me on this, take a look at the JWK middleware. In terms of just checking if a user is authorized and has an appropriate bearer token, that actually handles it.