Pluggable auth system based on JWT tokens
Pre-release
In this release, we have extended the auth system so that it can use 3rd party auth providers like Auth0, Cognito, Firebase, or custom implementations that use standard JSON Web Tokens (JWT) for authenticating and authorizing Commands and Read Models. That way, you are not forced to use the Booster internal auth APIs, and it's easier to integrate Booster services into existing microservice-based systems.
In this version, we have kept the role classes as the way to define application roles, so in order to use a JWT-based auth provider, you must include the expected roles in your ID tokens in the custom:roles claim. To let Booster know how to decode 3rd party provided tokens, you have to configure a tokenVerifier object filling the jwksUri and issuer properties.
The jwksUri is the URI where your auth provider publishes its JWKs (the public keys matching the keys used for signing the JWT tokens). The issuer should be provided by the auth provider as well; it usually matches the provider domain, so please check the provider's documentation to find those parameters.
Here is a sample configuration:
Booster.configure('development', (config: BoosterConfig): void => {
  config.appName = 'awesome-app'
  config.provider = AWSProvider
  config.tokenVerifier = {
    jwksUri: 'https://myauth0app.auth0.com/.well-known/jwks.json',
    issuer: 'myauth0app.auth0.com'
  }
})
For more information, please refer to our official documentation.
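The checks that a tokenVerifier configuration like the one above implies, written out as an added example (this is not Booster's code): key lookup by kid, a pinned signature algorithm, issuer and expiry checks, then reading custom:roles. Assumptions: the function names, the kid test-key-1, a locally generated key pair standing in for the key set served at jwksUri, and custom:roles carried as a string or an array of strings.

```typescript
import { createPublicKey, createSign, createVerify, generateKeyPairSync } from 'crypto'
import type { JsonWebKey } from 'crypto'

type Jwk = JsonWebKey & { kid?: string }
// jwks holds what the provider would serve at jwksUri (assumption: already fetched).
interface VerifierConfig { issuer: string; jwks: { keys: Jwk[] } }

const b64url = (v: object): string => Buffer.from(JSON.stringify(v)).toString('base64url')

// Returns the roles of a valid token; throws as soon as one check fails.
function verifyAndGetRoles(token: string, cfg: VerifierConfig, now = Date.now()): string[] {
  const [h, p, s, extra] = token.split('.')
  if (!h || !p || !s || extra !== undefined) throw new Error('malformed token')
  const header = JSON.parse(Buffer.from(h, 'base64url').toString())
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString())
  // Pin the algorithm so the token cannot select 'none' or an HMAC variant.
  if (header.alg !== 'RS256') throw new Error('unexpected alg')
  const jwk = cfg.jwks.keys.find((k) => k.kid === header.kid)
  if (!jwk) throw new Error('unknown kid')
  const key = createPublicKey({ key: jwk, format: 'jwk' })
  const ok = createVerify('RSA-SHA256').update(`${h}.${p}`).verify(key, Buffer.from(s, 'base64url'))
  if (!ok) throw new Error('bad signature')
  // Claims are trusted only after the signature has been verified.
  if (claims.iss !== cfg.issuer) throw new Error('wrong issuer')
  if (typeof claims.exp !== 'number' || claims.exp * 1000 <= now) throw new Error('expired')
  const roles = claims['custom:roles']
  return Array.isArray(roles) ? roles.map(String) : typeof roles === 'string' ? [roles] : []
}

// Constructed sample data: a throwaway key pair plays the auth provider.
const { publicKey, privateKey } = generateKeyPairSync('rsa', { modulusLength: 2048 })
const sampleConfig: VerifierConfig = {
  issuer: 'myauth0app.auth0.com',
  jwks: { keys: [{ ...publicKey.export({ format: 'jwk' }), kid: 'test-key-1' }] },
}

// Signs a constructed token the way the provider would (RS256, kid in the header).
function signSample(claims: object): string {
  const input = `${b64url({ alg: 'RS256', typ: 'JWT', kid: 'test-key-1' })}.${b64url(claims)}`
  return `${input}.${createSign('RSA-SHA256').update(input).sign(privateKey).toString('base64url')}`
}
```

A token whose payload was edited after signing fails at the signature check, so a role added to custom:roles by the client is never read.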