Skip to content

Authorization Support for withAuthenticationRequired#874

Closed
Lunia98 wants to merge 1 commit intomainfrom
protect-by-route
Closed

Authorization Support for withAuthenticationRequired#874
Lunia98 wants to merge 1 commit intomainfrom
protect-by-route

Conversation

@Lunia98
Copy link
Copy Markdown

@Lunia98 Lunia98 commented Aug 7, 2025

By submitting a PR to this repository, you agree to the terms within the Auth0 Code of Conduct. Please see the contributing guidelines for how to create and submit a high-quality PR for this repo.

Caution

This PR includes changes that depend on this other PR in auth0-spa-js. When that one is merged and a release is done, we have to update the dependency before this PR can be merged.

Description

Adds checking to the withAuthenticationRequired HOC, enabling route protection based on specific permissions (audience/scope) rather than just authentication status.

  • Auto-injects audience/scope into getAccessTokenSilently calls
  • Preserves explicit parameters while filling in missing ones
  • Eliminates need to manually pass tokens scopes repeatedly
  • Optional onError prop for custom authorization error UI
  • Default "Access Denied" component when no custom error provided
    Usage
// Protect admin routes with specific permissions
const AdminRoute = withAuthenticationRequired(AdminPanel, {
  loginOptions: {
    authorizationParams: { scope: 'read:admin write:admin' }
  },
  onError: () => <CustomAccessDenied />
});

// Components automatically get scoped tokens
function ProtectedComponent() {
  const { getAccessTokenSilently } = useAuth0();
  // This call includes audience/scope from withAuthenticationRequired
  const token = await getAccessTokenSilently();
}

Testing

Describe how this can be tested by reviewers. Be specific about anything not tested and reasons why. If this library has unit and/or integration testing, tests should be added for new functionality and existing tests should complete without errors.

Please include any manual steps for testing end-to-end or functionality not covered by unit/integration tests.

Also include details of the environment this PR was developed in (language/platform/browser version).

  • This change adds test coverage for new/changed/fixed functionality

Checklist

  • I have added documentation for new/changed functionality in this PR or in auth0.com/docs
  • All active GitHub checks for tests, formatting, and security are passing
  • The correct base branch is being used, if not the default branch

@Lunia98 Lunia98 self-assigned this Aug 7, 2025
@yogeshchoudhary147
Copy link
Copy Markdown
Contributor

yogeshchoudhary147 commented Dec 18, 2025

Closing this as part of our backlog cleanup (internal PRs > 3 months old).

The branch is preserved, so feel free to reopen if this becomes active again.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@Lunia98 Lunia98

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Lunia98 @yogeshchoudhary147