Gathering detailed insights and metrics for @auth0/angular-jwt
Gathering detailed insights and metrics for @auth0/angular-jwt
Helper library for handling JWTs in Angular apps
Installations
npm install @auth0/angular-jwtDeveloper
auth0
Developer Guide
BETA
Module System
ESM
Min. Node Version
Typescript Support
No
Node Version
18.18.2
NPM Version
9.8.1
Statistics
2,633 Stars
529 Commits
485 Forks
86 Watching
11 Branches
102 Contributors
Updated on 27 Nov 2024
Languages
TypeScript (93.24%)
JavaScript (5.92%)
HTML (0.66%)
SCSS (0.18%)
Total Downloads
Cumulative downloads
Total Downloads
45,004,357
Last day
-11.4%
40,363
Compared to previous day
Last week
-4.5%
215,629
Compared to previous week
Last month
15.1%
928,093
Compared to previous month
Last year
9%
9,879,967
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
1
Peer Dependencies
1
Versions
:books: Documentation - :rocket: Getting Started - :computer: API Reference - :speech_balloon: Feedback
Documentation
- Examples - code samples for common angular-jwt authentication scenario's.
- Docs site - explore our docs site and learn more about Auth0.
This library provides an HttpInterceptor which automatically attaches a JSON Web Token to HttpClient requests.
This library does not have any functionality for (or opinion about) implementing user authentication and retrieving JWTs to begin with. Those details will vary depending on your setup, but in most cases, you will use a regular HTTP request to authenticate your users and then save their JWTs in local storage or in a cookie if successful.
Getting started
Requirements
This project only supports the actively supported versions of Angular as stated in the Angular documentation. Whilst other versions might be compatible they are not actively supported
Installation
1# installation with npm 2npm install @auth0/angular-jwt 3 4# installation with yarn 5yarn add @auth0/angular-jwt
Configure the SDK
Import the JwtModule module and add it to your imports list. Call the forRoot method and provide a tokenGetter function. You must also add any domains to the allowedDomains, that you want to make requests to by specifying an allowedDomains array.
Be sure to import the HttpClientModule as well.
1import { JwtModule } from "@auth0/angular-jwt"; 2import { HttpClientModule } from "@angular/common/http"; 3 4export function tokenGetter() { 5 return localStorage.getItem("access_token"); 6} 7 8@NgModule({ 9 bootstrap: [AppComponent], 10 imports: [ 11 // ... 12 HttpClientModule, 13 JwtModule.forRoot({ 14 config: { 15 tokenGetter: tokenGetter, 16 allowedDomains: ["example.com"], 17 disallowedRoutes: ["http://example.com/examplebadroute/"], 18 }, 19 }), 20 ], 21}) 22export class AppModule {}
Any requests sent using Angular's HttpClient will automatically have a token attached as an Authorization header.
1import { HttpClient } from "@angular/common/http"; 2 3export class AppComponent { 4 constructor(public http: HttpClient) {} 5 6 ping() { 7 this.http.get("http://example.com/api/things").subscribe( 8 (data) => console.log(data), 9 (err) => console.log(err) 10 ); 11 } 12}
Using with Standalone Components
If you are using bootstrapApplication to bootstrap your application using a standalone component, you will need a slightly different way to integrate our SDK:
1import { JwtModule } from "@auth0/angular-jwt"; 2import { provideHttpClient, withInterceptorsFromDi } from "@angular/common/http"; 3 4export function tokenGetter() { 5 return localStorage.getItem("access_token"); 6} 7 8bootstrapApplication(AppComponent, { 9 providers: [ 10 // ... 11 importProvidersFrom( 12 JwtModule.forRoot({ 13 config: { 14 tokenGetter: tokenGetter, 15 allowedDomains: ["example.com"], 16 disallowedRoutes: ["http://example.com/examplebadroute/"], 17 }, 18 }), 19 ), 20 provideHttpClient( 21 withInterceptorsFromDi() 22 ), 23 ], 24});
As you can see, the differences are that:
- The SDK's module is included trough
importProvidersFrom. - In order to use the SDK's interceptor,
provideHttpClientneeds to be called withwithInterceptorsFromDi.
API reference
Read our API reference to get a better understanding on how to use this SDK.
Feedback
Contributing
We appreciate feedback and contribution to this repo! Before you get started, please see the following:
- Auth0's general contribution guidelines
- Auth0's code of conduct guidelines
- This repo's contribution guide
Raise an issue
To provide feedback or report a bug, please raise an issue on our issue tracker.
Vulnerability Reporting
Please do not report security vulnerabilities on the public GitHub issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.
Auth0 is an easy to implement, adaptable authentication and authorization platform. To learn more checkout Why Auth0?
This project is licensed under the MIT license. See the LICENSE file for more info.
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
security policy file detected
Details
- Info: security policy file detected: github.com/auth0/.github/.github/SECURITY.md:1
- Info: Found linked content: github.com/auth0/.github/.github/SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/auth0/.github/.github/SECURITY.md:1
- Info: Found text in security policy: github.com/auth0/.github/.github/SECURITY.md:1
Reason
SAST tool detected
Details
- Info: SAST configuration detected: Snyk
- Warn: 0 commits out of 29 are checked with a SAST tool
Reason
Found 13/14 approved changesets -- score normalized to 9
Reason
dependency not pinned by hash detected -- score normalized to 7
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/auth0/angular2-jwt/build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/auth0/angular2-jwt/build.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/npm-release.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/auth0/angular2-jwt/npm-release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/semgrep.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/auth0/angular2-jwt/semgrep.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/snyk.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/auth0/angular2-jwt/snyk.yml/main?enable=pin
- Info: 0 out of 5 GitHub-owned GitHubAction dependencies pinned
- Info: 2 out of 2 third-party GitHubAction dependencies pinned
- Info: 1 out of 1 npmCommand dependencies pinned
Reason
branch protection is not maximal on development and all release branches
Details
- Info: 'allow deletion' disabled on branch 'main'
- Info: 'force pushes' disabled on branch 'main'
- Warn: 'branch protection settings apply to administrators' is disabled on branch 'main'
- Info: 'stale review dismissal' is required to merge on branch 'main'
- Warn: required approving review count is 1 on branch 'main'
- Info: codeowner review is required on branch 'main'
- Info: 'last push approval' is required to merge on branch 'main'
- Warn: no status checks found to merge onto branch 'main'
- Info: PRs are required in order to make changes on branch 'main'
Reason
2 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: topLevel 'contents' permission set to 'read': .github/workflows/build.yml:14
- Warn: no topLevel permission defined: .github/workflows/npm-release.yml:1
- Warn: topLevel 'contents' permission set to 'write': .github/workflows/release.yml:10
- Warn: no topLevel permission defined: .github/workflows/semgrep.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/snyk.yml:17
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
27 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
- Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c
- Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc
- Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx
- Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp
- Warn: Project is vulnerable to: GHSA-c7qv-q95q-8v27
- Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22
- Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
- Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
- Warn: Project is vulnerable to: GHSA-25hc-qcg6-38wj
- Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-4vvj-4cpr-p986
- Warn: Project is vulnerable to: GHSA-wr3j-pwj9-hqq6
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
- Warn: Project is vulnerable to: GHSA-776f-qx25-q3cc
- Warn: Project is vulnerable to: GHSA-c4w7-xm78-47vh
Score
5.7
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More