Gathering detailed insights and metrics for @bcwdev/auth0-vue
Gathering detailed insights and metrics for @bcwdev/auth0-vue
Installations
npm install @bcwdev/auth0-vueDeveloper Guide
BETA
Typescript
No
Module System
CommonJS
Node Version
13.14.0
NPM Version
6.14.4
Score
70.4
Supply Chain
98.5
Quality
76
Maintenance
100
Vulnerability
99.6
License
Releases
Unable to fetch releases
Contributors
1
Unable to fetch Contributors
Languages
1
JavaScript
JavaScript (100%)
validate.email 🚀
Verify real, reachable, and deliverable emails with instant MX records, SMTP checks, and disposable email detection.
Developer
jakeoverall
Download Statistics
Total Downloads
4,800
Last Day
1
Last Week
1
Last Month
30
Last Year
422
GitHub Statistics
1 Stars
26 Commits
1 Forks
2 Watchers
6 Branches
1 Contributors
Updated on Mar 21, 2024
Maintainers
1
Package Meta Information
Latest Version
0.1.2
Package Id
@bcwdev/auth0-vue@0.1.2
Unpacked Size
42.26 kB
Size
8.83 kB
File Count
7
NPM Version
6.14.4
Node Version
13.14.0
Total Downloads
Cumulative downloads
Total Downloads
4,800
Last Day
0%
1
Compared to previous day
Last Week
-66.7%
1
Compared to previous week
Last Month
7.1%
30
Compared to previous month
Last Year
-48.9%
422
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
1
Dev Dependencies
2
@bcwdev/auth0-vue
Vue3.js Updates
1export const AuthService = initializeAuth({
2 domain,
3 clientId,
4 audience,
5 onRedirectCallback: appState => {
6 router.push(
7 appState && appState.targetUrl
8 ? appState.targetUrl
9 : window.location.pathname
10 )
11 }
12})
13
14AuthService.on(AuthService.AUTH_EVENTS.AUTHENTICATED, async () => {
15 AppState.user = AuthService.user
16 $resource.defaultHeaders.Authorization = AuthService.bearer
17 await profileService.getProfile()
18})
19AuthService.on(AuthService.AUTH_EVENTS.LOADED, () => {
20 AppState.$auth = reactive(AuthService)
21})
22CDN
1<script src="https://cdn.jsdelivr.net/gh/jakeoverall/auth0-vue/auth0provider.min.js">
This library is a small wrapper around auth0-spa-js. It is extended beyond the simple scale that is used in the auth0 tutorial. Added features include getting the userInfo and identity on login.
REQUIRED: Enable RBAC in you application for the full set of features in this app. You can also add the following rule to retrieve more information in your userInfo
1// AUTH0 RULE 2function (user, context, callback) { 3 // please note auth0 will strip any non namespaced properties 4 const namespace = 'https://YOURDOMAIN.auth0.com'; 5 const assignedRoles = (context.authorization || {}).roles; 6 7 let idTokenClaims = context.idToken || {}; 8 9 idTokenClaims[`${namespace}/roles`] = assignedRoles; 10 context.idToken = idTokenClaims; 11 context.idToken[namespace + '/user_metadata'] = user.user_metadata; 12 context.idToken[namespace + '/app_metadata'] = user.app_metadata; 13 14 // namespaced properties are reduced to simple properties by this libary 15 // so in vue you can access userInfo.app_metadata directly 16 17 callback(null, user, context); 18}
Fetching this extra data allows us to extend the basic methods for validating user roles and permissions.
On login $auth.getUserData() will be triggered
Vue 2 Only
Install
1import Vue from "vue"; 2import { Auth0Plugin } from "@bcwdev/auth0-vue/vue2"; 3// you will get these from your auth0 dashboard 4import { domain, clientId, audience } from "./authconfig"; 5 6Vue.use(Auth0Plugin, { 7 domain, 8 clientId, 9 audience, 10 onRedirectCallback: appState => { 11 router.push( 12 appState && appState.targetUrl 13 ? appState.targetUrl 14 : window.location.pathname 15 ); 16 } 17});
$auth
You can access any of the following state properties directly from your vue components using this.$auth
1// $auth state 2{ 3 loading: true, 4 isAuthenticated: false, 5 user: {}, 6 userInfo: {}, 7 identity: {}, 8 bearer: "", 9} 10 11// $auth methods 12{ 13 /** 14 * Sets userInfo, identity and bearer 15 * @returns {Promise<void>} 16 */ 17 getUserData() 18 19 /** 20 * Depends on UserData 21 * @param {string[] | string} permissions 22 * @returns {boolean} 23 */ 24 hasPermissions(permissions) {}, 25 26 /** 27 * Depends on UserData 28 * @param {string[] | string} roles 29 * @returns {boolean} 30 */ 31 hasRoles(roles) {}, 32} 33
Caution:
$auth.identityis easily modifed on the client and therefore cannot be trusted when making server side decisions. Your server should use the bearer token and the auth0 api when handeling requests see @bcwdev/auth0provider
Conditional rendering in vue templates based on roles or permissions can be accomplished directly from the $auth property
1<div v-if="$auth.hasRoles('admin')"> 2 <p>Only an admin can see me</p> 3</div>
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
Found 0/26 approved changesets -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/npmpublish.yml:1
- Info: no jobLevel write permissions found
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
no SAST tool detected
Details
- Warn: no pull requests merged into dev branch
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/npmpublish.yml:7: update your workflow using https://app.stepsecurity.io/secureworkflow/jakeoverall/auth0-vue/npmpublish.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/npmpublish.yml:8: update your workflow using https://app.stepsecurity.io/secureworkflow/jakeoverall/auth0-vue/npmpublish.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/npmpublish.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/jakeoverall/auth0-vue/npmpublish.yml/master?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/npmpublish.yml:12
- Info: 0 out of 2 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 third-party GitHubAction dependencies pinned
- Info: 0 out of 1 npmCommand dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
license file not detected
Details
- Warn: project does not have a license file
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Reason
13 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-w8qv-6jwh-64r5
- Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c
- Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq
- Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
- Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9
- Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
- Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h
- Warn: Project is vulnerable to: GHSA-hj48-42vr-x3v9
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
Score
2.2
/10
Last Scanned on 2025-02-24
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More