A PartyServer mixin for adding OAuth 2.0 JWT Bearer Token authentication to your PartyServer applications.
3
+
A PartyServer mixin for adding OAuth 2.0 JWT Bearer Token authentication to your PartyServer applications, with Auth0 support.
4
4
5
5
It should work with:
6
6
@@ -9,16 +9,16 @@ It should work with:
9
9
10
10
## Overview
11
11
12
-
This package provides a mixin that adds authentication functionality to a PartyServer server using [JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens](https://datatracker.ietf.org/doc/html/rfc9068). It allows you to secure your PartyServer applications by validating access tokens from requests and connections.
12
+
This package provides a mixin that adds authentication functionality to a PartyServer server using [JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens](https://datatracker.ietf.org/doc/html/rfc9068). It allows you to secure your PartyServer applications by validating access tokens from requests and connections, with built-in support for Auth0.
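Review bot: "with built-in support for Auth0" on the new line 12 leaves it unclear whether tokens from other RFC 9068 issuers are still accepted or whether Auth0 is now a hard dependency; the same sentence still describes generic JWT access-token validation, so add a clause stating which issuers are supported and what, if anything, changes when Auth0 is not used.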
The `WithOwnership` mixin adds ownership capabilities to a PartyServer that already has authentication provided by the `WithAuth` mixin. This is particularly useful for scenarios where you need to restrict access to resources based on ownership, such as private chats or user-specific data.
258
+
259
+
### Key Features
260
+
261
+
- Owner-based access control for connections and requests
262
+
- Integration with Durable Objects for persistent ownership data
263
+
- Automatic rejection of non-owner access attempts
Sets the owner of the object. By default, it will throw an error if the owner is already set to a different user unless `overwrite` is set to `true`.
293
+
294
+
**Parameters:**
295
+
296
+
-`owner`: The user ID (sub from JWT claims) to set as the owner
297
+
-`overwrite`: Optional boolean to allow overwriting an existing owner
298
+
299
+
**Example:**
300
+
301
+
```typescript
302
+
// When initializing a new chat or resource
303
+
asynconCreate() {
304
+
const claims =this.getClaims();
305
+
if (claims?.sub) {
306
+
awaitthis.setOwner(claims.sub);
307
+
}
308
+
}
309
+
```
310
+
311
+
#### `getOwner(): Promise<string | undefined>`
312
+
313
+
Gets the current owner of the object.
314
+
315
+
**Returns:**
316
+
317
+
- The user ID (sub) of the owner, or undefined if no owner is set
318
+
319
+
**Example:**
320
+
321
+
```typescript
322
+
asynccheckOwnership() {
323
+
const owner =awaitthis.getOwner();
324
+
console.log(`This resource is owned by: ${owner}`);
325
+
}
326
+
```
327
+
328
+
### Authorization Flow
329
+
330
+
1. When a client makes a request or connection:
331
+
332
+
- First, the authentication checks are performed by the `WithAuth` mixin
333
+
- Then, the ownership check verifies if the authenticated user is the owner
334
+
335
+
2. If the ownership check succeeds:
336
+
337
+
- The `onAuthorizedConnect` or `onAuthorizedRequest` method is called
338
+
- The connection or request is allowed to proceed
339
+
340
+
3. If the ownership check fails:
341
+
- For WebSocket connections: Connection is closed with code 1008 and message "This chat is not yours."
342
+
- For HTTP requests: A 403 Forbidden response is returned with message "This chat is not yours."
343
+
344
+
### DurableObject Integration
345
+
346
+
The `WithOwnership` mixin is designed to work with Cloudflare DurableObjects for storing ownership data. The mixin uses the DurableObject's storage API to persist ownership information.
347
+
348
+
**Note:** If you're not using DurableObjects, you'll need to override the `setOwner` and `getOwner` methods to implement your own storage mechanism.
349
+
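Review bot: the Authorization Flow never says what the ownership check does when `getOwner()` returns `undefined` (no owner set yet), which is the state a freshly created object is in before `setOwner` runs; document whether an unowned resource rejects every caller, is claimed by the first authenticated caller, or is open, because the 1008 close / 403 rejection in step 3 only covers the case where an owner is set and differs. Two related points: ownership is keyed on `sub` alone, and `sub` is only unique within a single issuer, so if more than one issuer or tenant can be accepted the stored owner should include the issuer (`iss` plus `sub`) rather than `sub` by itself; and the `onCreate` example does not handle the error that `setOwner` is documented to throw when an owner is already set, so either catch it there or state that `onCreate` runs only once per object. Also, as rendered here the snippets read `asynconCreate()`, `const claims =this.getClaims();` and `awaitthis.setOwner(claims.sub);`; confirm the file itself has the spaces (`async onCreate()`, `await this.setOwner(...)`).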
196
350
## References
197
351
352
+
- This project uses the Auth0 API Client to verify access tokens: [@auth0/auth0-api-js](https://github.com/auth0/auth0-api-js)
198
353
- This project is similar to other Auth0 middlewares like [node-oauth2-jwt-bearer](https://github.com/auth0/node-oauth2-jwt-bearer).
199
354
-[Authentication on PartyKit](https://docs.partykit.io/guides/authentication/).
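Review bot: removing the "Authentication on PartyKit" link (old line 199) drops the only reference that is not Auth0-specific, while the Overview still describes generic RFC 9068 access-token validation; keep that link alongside the new `@auth0/auth0-api-js` entry, and since that entry names `@auth0/auth0-api-js` as the token verifier, say in the Overview or an installation section whether it is a required dependency.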