Authentication of external users with Auth0.com

restdb.io provides an authentication system that secures access to your database application. External users can sign up and log in to your application and get secure access to data and APIs.

Check out the simple example (with complete code) linked from this page, and read the linked blog post for a complete To-Do application.

Auth0 authentication

restdb.io supports direct integration with the auth0.com authentication service. If you are new to Auth0, get started here: Auth0 quick start for single page applications.

Set up the Client ID and Client Secret from Auth0

  1. Auth0: Create a new client (application) in your Auth0 account.
  2. Auth0: Pick the application type (e.g. "Single Page Web Application") and then the client technology, e.g. JavaScript Single Page Application.
  3. Auth0: Add the allowed callback URLs, typically your application's start URL. Auth0 only redirects back to URLs on this list, so keep the entries exact (scheme, host, port and path).
  4. Auth0: If your tokens are signed with RS256, copy Auth0's signing certificate into restdb.io so that it can verify the signature. You'll find it in the client's advanced settings under Certificates. Auth0 exposes the public part only; the private signing key stays in Auth0. With HS256 the tokens are verified with the Client Secret instead, so that secret has to be guarded like a password.
  5. RestDB: Navigate to database Settings/Authentication. Enable the authentication checkbox and paste in the Client ID, the Client Secret and (for RS256-signed tokens) the signing certificate.

Add users from Auth0 to your restdb.io database

An optional step for the Auth0 integration is to copy signed-up users from Auth0 into your restdb.io database. The users can be added to the predefined collection "users", or to a new collection you create for user data.

Create a new empty rule in Auth0 and add the following JavaScript code to it. The rule inserts the user into the database on first login. It needs a full-access API key for your database; rather than pasting that key into the rule source as in the placeholder below, store it under the rules' Settings and read it in the rule as configuration.<KEY>, so it does not sit in the rule code.

    function (user, context, callback) {
      // Short-circuit if the user has logged in before: only the first login inserts a record
      if (context.stats.loginsCount > 1) {
        console.log("seen user before");
        return callback(null, user, context);
      }
      var _ = require('lodash');
      var request = require('request');

      // Keep only the login context fields worth storing
      var small_context = {
        appName: context.clientName,
        userAgent: context.userAgent,
        ip: context.ip,
        connection: context.connection,
        strategy: context.connectionStrategy
      };

      var payload_to_restdb = _.extend({}, user, small_context);
      payload_to_restdb.roles = ["external", "somerole"];
      payload_to_restdb.active = true;
      // Let restdb.io assign its own _id
      delete payload_to_restdb._id;
      // Do not persist identity-provider tokens: inside rules, user.identities carries the
      // IdP access_token. user.user_id still records the provider and id.
      delete payload_to_restdb.identities;

      console.log("Calling restdb.io");
      var options = {
        method: 'POST',
        url: 'https://<your_database_url_here>/rest/users',
        headers: {
          'cache-control': 'no-cache',
          // Full-access key: better kept under the rules' Settings and read as configuration.RESTDB_API_KEY
          'x-apikey': '<your_fullaccess_api_key_here>',
          'content-type': 'application/json'
        },
        body: payload_to_restdb,
        json: true
      };

      request(options, function (error, response, body) {
        // The rule has already returned when this runs, so throwing here cannot fail the login; log instead
        if (error) {
          console.log("restdb.io call failed: " + error);
          return;
        }
        console.log(body);
      });

      // Don't wait for the restdb.io call to finish, return right away (the request continues in the sandbox)
      callback(null, user, context);
    }

restdb.io authentication API

HTTP verb and resource, followed by its functionality:

POST https://<database>/auth/jwt
    Generate a new JWT. The body must contain a path to a secret and a payload with the JWT claims, e.g. {"secret": "path from global settings", "payload": {"email": "xxx@example.com"}}. The secret is referenced by its path in the global settings; its value is never sent in the request.

POST https://<database>/auth/token
    Request an API access token. The response carries the token with its issue and expiry times, e.g. { token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ…", iat: 1472191246, exp: 1472194846 }. The request body is either an access code to exchange ({"code": "your access code"}) or a valid, not yet expired API token to refresh ({"refresh": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ…"}).

GET https://<database>/auth/userinfo
    Get data about the user the token belongs to. Returns email, displayname and image.

POST https://<database>/auth/logout
    Log out a user and invalidate the login token. The token can no longer be used for API access, so the client should discard its copy as well.