View passport-auth0 on Snyk Open Source Advisor

Package Health Score

75 / 100

security
No known security issues
popularity
Recognized
maintenance
Healthy
community
Sustainable

Explore Similar Packages

Security

No known security issues

All security vulnerabilities belong to production dependencies of direct and indirect packages.

Security and license risk for significant versions

All Versions

Version				Vulnerabilities	License Risk
1.4.4	\|	10/2023	Popular	0 C 0 H 0 M 0 L	0 H 0 M 0 L
1.3.3	\|	06/2020		0 C 0 H 0 M 0 L	0 H 0 M 0 L
0.6.1	\|	12/2017		0 C 0 H 0 M 0 L	0 H 0 M 0 L
0.5.2	\|	06/2016		0 C 0 H 0 M 0 L	0 H 0 M 0 L
0.4.1	\|	08/2015		0 C 0 H 0 M 0 L	0 H 0 M 0 L

License

MIT

Security Policy

Is your project affected by vulnerabilities?

Scan your projects for vulnerabilities. Fix quickly with automated fixes. Get started with Snyk for free.

Get started free

Popularity

Recognized

Weekly Downloads (67,854)

GitHub Stars: 286
Forks: 93
Contributors: 50

Direct Usage Popularity

The npm package passport-auth0 receives a total of 67,854 downloads a week. As such, we scored passport-auth0 popularity level to be Recognized.

Based on project statistics from the GitHub repository for the npm package passport-auth0, we found that it has been starred 286 times.

Downloads are calculated as moving averages for a period of the last 12 months, excluding weekends and known missing data points.

Community

Sustainable

Readme.md: Yes
Contributing.md: No
Code of Conduct: No
Contributors: 50
Funding: No

With more than 10 contributors for the passport-auth0 repository, this is possibly a sign for a growing and inviting community.

We found a way for you to contribute to the project! Looks like passport-auth0 is missing a Code of Conduct.

Embed Package Health Score Badge

Maintenance

Healthy

Commit Frequency

Open Issues: 0
Open PR: 2
Last Release: 6 months ago
Last Commit: 3 months ago

Further analysis of the maintenance status of passport-auth0 based on released npm versions cadence, the repository activity, and other data points determined that its maintenance is Healthy.

We found that passport-auth0 demonstrates a positive version release cadence with at least one new version released in the past 12 months.

In the past month we didn't find any pull request activity or change in issues status has been detected for the GitHub repository.

Keep your project healthy

Check your package.json

Ensure all the packages you're using are healthy and well-maintained

Snyk Vulnerability Scanner

Get health score & security insights directly in your IDE

Package

Node.js Compatibility: not defined

Age: 11 years
Dependencies: 3 Direct
Versions: 38
Install Size: 71.1 kB
Dist-tags: 1
# of Files: 28
Maintainers: 44
TS Typings: Yes

passport-auth0 has more than a single and default latest tag published for the npm package. This means, there may be other tags available for this package, such as next to indicate future releases, or stable to indicate stable releases.

Not sure how to use passport-auth0?

To help you get started, we've collected the most common ways that passport-auth0 is being used within popular public projects.

cassioscabral / rateissuesfront / src / core / passport.js View on Github

{model: UserLogin, as: 'logins'},
      {model: UserClaim, as: 'claims'},
      {model: UserProfile, as: 'profile'}
    ]
  })
}

/**
 * Sign in with auth0.
 */
let callbackURL = '/login/auth0/return'
if (process.env.NODE_ENV === 'development') {
 callbackURL = 'http://localhost:3001/login/auth0/return'
}

passport.use(new Auth0Strategy({
  domain: env.auth0.CLIENT_DOMAIN,
  clientID: env.auth0.CLIENT_ID,
  clientSecret: env.auth0.CLIENT_SECRET,
  callbackURL,
  profileFields: ['name', 'email', 'link', 'locale', 'timezone'],
  passReqToCallback: true
}, (req, accessToken, refreshToken, profile, done) => {
  /* eslint-disable no-underscore-dangle */
  const authenticate = async () => {
    let user = null
    let userToken = {}

    // req.user recived from jwt cookie's token
    if (req.user) {
      user = await UserLogin.findOne({
        attributes: ['name', 'key'],

View more ways to use passport-auth0

The Auth0 authentication strategy for Passport.js, an authentication middleware for Node.js that can be unobtrusively dropped into any Express-based web application.

📚 Documentation - 🚀 Getting Started - 💬 Feedback

Documentation

Docs site - explore our docs site and learn more about Auth0.

Getting started

> ℹ️ Maintenance Advisory: With the release of https://github.com/auth0/express-openid-connect, we will no longer be adding new features to this library, however we will continue to maintain this library and fix issues. You can read more about the release of our new library at https://auth0.com/blog/auth0-s-express-openid-connect-sdk/

Installation

The Auth0 Passport strategy is installed with npm.

npm install passport-auth0

Customization

State parameter

The Auth0 Passport strategy enforces the use of the state parameter in OAuth 2.0 authorization requests and requires session support in Express to be enabled.

If you require the state parameter to be omitted (which is not recommended), you can suppress it when calling the Auth0 Passport strategy constructor:

const Auth0Strategy = require('passport-auth0');
const strategy = new Auth0Strategy({
     // ...
     state: false
  },
  function(accessToken, refreshToken, extraParams, profile, done) {
    // ...
  }
);

Scopes

If you want to change the scope of the ID token provided, add a scope property to the authenticate configuration passed when defining the route. These must be OIDC standard scopes. If you need data outside of the standard scopes, you can add custom claims to the token.

app.get(
	'/login',
	passport.authenticate('auth0', {scope: 'openid email profile'}), 
	function (req, res) {
		res.redirect('/');
	}
);

Force a Specific IdP

If you want to force a specific identity provider you can use:

app.get(
	'/login/google',
	passport.authenticate('auth0', {connection: 'google-oauth2'}), 
	function (req, res) {
		res.redirect('/');
	}
);

If you force an identity provider you can also request custom scope from that identity provider:

app.get(
	'/login/google', 
	passport.authenticate('auth0', {
		connection: 'google-oauth2',
		connection_scope: 'https://www.googleapis.com/auth/analytics, https://www.googleapis.com/auth/contacts.readonly'
	}), 
	function (req, res) {
		res.redirect('/');
	}
);

Getting Access Tokens

If you want to specify an audience for the returned access_token you can:

app.get(
	'/login',
	passport.authenticate('auth0', {audience: 'urn:my-api'}), 
	function (req, res) {
	  res.redirect('/');
	}
);

Silent Authentication

If you want to check authentication without showing a prompt:

app.get(
	'/login',
	passport.authenticate('auth0', {prompt: 'none'}), 
	function (req, res) {
		res.redirect('/');
	}
);

Feedback

Contributing

We appreciate feedback and contribution to this repo! Before you get started, please see the following:

Raise an issue

To provide feedback or report a bug, please raise an issue on our issue tracker.

Vulnerability Reporting

Please do not report security vulnerabilities on the public GitHub issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.

Auth0 Logo

Auth0 is an easy to implement, adaptable authentication and authorization platform. To learn more checkout Why Auth0?

This project is licensed under the MIT license. See the LICENSE file for more info.

passport-auth0 dependencies

axios passport-oauth passport-oauth2

passport-auth0 development dependencies

jws mocha should

FAQs

What is passport-auth0?

Auth0 platform authentication strategy for Passport.js. Visit Snyk Advisor to see a full health score report for passport-auth0, including popularity, security, maintenance & community analysis.

Is passport-auth0 popular?

The npm package passport-auth0 receives a total of 67,854 weekly downloads. As such, passport-auth0 popularity was classified as a recognized. Visit the popularity section on Snyk Advisor to see the full health analysis.

Is passport-auth0 well maintained?

We found that passport-auth0 demonstrated a healthy version release cadence and project activity. It has a community of 50 open source contributors collaborating on the project. See the full package health analysis to learn more about the package maintenance status.

Is passport-auth0 safe to use?

The npm package passport-auth0 was scanned for known vulnerabilities and missing license, and no issues were found. Thus the package was deemed as safe to use. See the full health analysis review.

Last updated on 15 April-2024, at 09:21 (UTC).

Build a secure application checklist

Select a recommended open source package

Minimize your risk by selecting secure & well maintained open source packages

DONE

Scan your app for vulnerabilities

Scan your application to find vulnerabilities in your: source code, open source dependencies, containers and configuration files

SCAN NOW

Fix identified vulnerabilities

Easily fix your code by leveraging automatically generated PRs

AUTO FIX

Monitor for new issues

New vulnerabilities are discovered every day. Get notified if your application is affected

MONITOR APP