This App was made to suplement the admin dashboard for an Auth0 user to view all their apps (clients in Auth0 lingo) in their account (tenant) and the rules within those apps.
What are rules?
- Rules in Auth0 are custom JavaScript code that lives in Auth0's servers and can be used to customize your apps.
- Auth0 has Rule templates that can be used to customize rules for a specific apps, such as "Whitelist for a specific app" or "Allow access during weekdays for a specific app"
- You can also pull data from other sources and add it to the user profile, through rules.
These templates contain code that can be customized to apply to a particular app by name or id:
function (user, context, callback) {
if (context.clientName === 'NameOfAppToCheckAccessTo') {
// do something
}
callback(null, user, context);
}This app makes use of Auth0's management API to get all apps within an account and all the rules within them.
To get all clients we make use of JavaScript's async/await feature to call getClients endpoint from the Management API to paginate a list of all apps (and do a similar call for getRules, not shown. To see complete logic of how we were able to retrieve all your clients and rules within them, please see listRulesRouter.js file.):
//Recursive function to iterate through all the clients by calling getClientsPage
async function getClients(management, pagination) {
let allClients = [];
var clientPage = await getClientPage(management,pagination)
allClients.push( clientPage );
if ( clientPage.length > 0 ) {
pagination.page = pagination.page + 1;
console.log ( 'We got ' + clientPage.length + ' results with pagination of ' + pagination.per_page );
allClients.push(await getClients(management, pagination));
} else {
console.log ( 'We got ' + clientPage.length + ' results with pagination of ' + pagination.per_page );
return;
}
return allClients.flat();
}
async function getClientPage(management, pagination ) {
return await management.getClients(pagination).then(function(clients) {
return clients;
})
}** Note: to see the complete functions, see code in listRulesRouter.js file**
To get all rules that belong to an app, we use regex to match the line for client. The parentheses will capture the client name from the object. (It should be index 2 in the array on a match).
var clientMatch = /context.clientName (===|!==|==|!=) '(.*?)'/;Next, we use the clientMatch variable to find the rules tied to a particular client(app):
for( var i = 0; i < rules.length; i++ ) {
if ( rules[i] != undefined ) {
var match = clientMatch.exec( rules[i]['script'] );
if (match != null ) {
// We have found the line to tie this rule to an app.
// As noted above, index 2 should be the app name.
ruleList[ match[2] ].push( rules[i]['name']);
} else {
for ( var key in ruleList) {
// We did not find the line in the script for this rule. Assuming this should apply to ALL apps.
ruleList[ key ].push(rules[i]['name']);
}
}
}
}
- Install the dependencies.
npm install && npm start- Rename
.env.exampleto.envand replace the values forAUTH0_CLIENT_ID,AUTH0_DOMAIN, andAUTH0_CLIENT_SECRETwith your Auth0 credentials. If you don't yet have an Auth0 account, sign up for free.
# copy configuration and replace with your own
cp .env.example .env- Run the app.
npm startThe app will be served at localhost:3000.
-
Clone the repo and run
npm install && start -
Navigate to Auth0 dashboard -> Applications -> Settings and add
http://localhost:3000/callbackandhttp://localhost:3000/to your application's Allowed Callback URLs and Allowed Logout URLs. Like so:
-
Navigate to Management API page and update your scope/permissions for your app to include these 3 scopes to get your API token:
- read:rules
- read:clients
- read:clients_keys
-
Enter your API token and tenant name with
auth0.comand find out all your apps and corresponding rules!
-
Auth0's blog on Creating Simple and Secure NodeJS app with Authentication: Used to add authentication into this app
-
Auth0's Management API: Management client was used to get all clients and rules (the meat of the application)
-
Pug templating library: JS Template library used in this app