JWT Validator for Auth0 (https://auth0.com/) that caches public JWKS (since there is a limit on calls to public JWKS URL)
Example securing a GraphQL
server using chi-router
:
package main
import (
"log"
"net/http"
"os"
"github.com/99designs/gqlgen/graphql/handler"
"github.com/99designs/gqlgen/graphql/playground"
"github.com/dragonlobster/auth0-jwt-cache/auth"
"github.com/dragonlobster/example-repo/example"
"github.com/dragonlobster/example-db-connection/common"
"github.com/go-chi/chi/v5"
)
const defaultPort = "8080"
func main() {
pool, err := common.ConnectToDB()
if err == nil {
log.Printf("Connected to DB")
}
port := os.Getenv("PORT")
if port == "" {
port = defaultPort
}
config := generated.Config{Resolvers: &graph.Resolver{
ExampleRepo: example.ExampleRepo{Pool: pool},
}}
srv := handler.NewDefaultServer(generated.NewExecutableSchema(config))
playground := playground.Handler("GraphQL playground", "/query")
cert := auth.CachedCert{
JWKSUrl: PUBLIC_JWKS_URL,
Aud: AUDIENCE,
Iss: ISSUER,
}
auth0_validator, _ := cert.ValidateToken()
router := chi.NewRouter()
router.Handle("/", auth0_validator.Handler(playground))
router.Handle("/query", auth0_validator.Handler(srv))
log.Printf("connect to http://localhost:%s/ for GraphQL playground", port)
log.Fatal(http.ListenAndServe(":"+port, router))
}
The above code secures /
and /query
endpoint with jwt middleware that validates a JWT (signed with private key) using auth0 public JWKS url, its audience, and issuer - sending a request to these endpoints will require a valid JWT to be in Authorization header as bearer: Authorization: Bearer abcd123456
TODO:
- Tests
❌ - Add scope validation
❌