Overview
This is a demo of an Auth0 integration using their API, KurocoEdge and a Cloudflare Worker. It is an implementation of the Authorization Code Flow and a showcase of how page protection and back-end API access can be handled using the permissions set in Auth0.
All the existing pages are presented here in order to show how permissions are used. In a real application, links to pages the user cannot access would not be displayed.
There are 4 types of path:
- Public pages that are accessible without login
- Protected pages that are accessible only if the user is logged in and has a certain permission
- Non-existing pages that will result in 404 - Not Found whether the user is logged in or not
- API paths that would be used if the front-end needs data from a back-end API
Protected pages
| Permission | Page/Link |
|---|---|
| front:products | View all products |
| front:products:id | View product 1 |
| front:products:id:edit | Edit product 1 |
Non-existing page
API access
No specific permission is needed, but the Auth0 JWT payload must be in the kuroco_edge_jwt. The idea is that specific endpoints, such as GET /api/v1/products, would each require a permission like products:getAll to be set.
For now, any call to an /api/v1/* endpoint will display the HTTP method of the request, the URL of the request and the user's permissions.
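The four path types and the permission table above can be expressed as a single fail-closed decision function. This is an added example, not the demo's own Worker code. The route patterns, the public paths, the 401/403 responses and the `permissions` claim name are assumptions, and the JWT payload is assumed to have had its signature, issuer, audience and expiry verified before it reaches this function.

```javascript
// Added illustration. Permission names come from the table above;
// the URL patterns they are attached to are assumed.
const PROTECTED = [
  { pattern: /^\/products$/, permission: "front:products" },
  { pattern: /^\/products\/\d+$/, permission: "front:products:id" },
  { pattern: /^\/products\/\d+\/edit$/, permission: "front:products:id:edit" },
];
const PUBLIC = new Set(["/", "/login", "/callback"]); // assumed public paths

// payload: an already-verified JWT payload, or null when nobody is logged in.
function decide(method, path, payload) {
  const loggedIn = payload !== null && typeof payload === "object";
  // Fail closed: a missing or malformed claim yields an empty permission list.
  const perms = loggedIn && Array.isArray(payload.permissions)
    ? payload.permissions.filter((p) => typeof p === "string")
    : [];

  if (PUBLIC.has(path)) return { status: 200 };

  if (path.startsWith("/api/v1/")) {
    if (!loggedIn) return { status: 401 }; // assumed response when no payload
    // Current demo behaviour: echo method, URL and the user's permissions.
    return { status: 200, body: { method, url: path, permissions: perms } };
  }

  const route = PROTECTED.find((r) => r.pattern.test(path));
  // Unknown paths answer 404 before any login check, so the response is
  // identical for anonymous and authenticated users.
  if (!route) return { status: 404 };
  if (!loggedIn) return { status: 401 };
  // Exact match only: holding front:products does not imply front:products:id.
  return perms.includes(route.permission) ? { status: 200 } : { status: 403 };
}
```

Permissions are compared as exact strings, so each page needs its own grant in Auth0, and a token whose `permissions` claim is not an array is treated as having none.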