chore(auth): mv auth providers into sep pkgs

packages/auth-providers-api/package.json

@@ -25,64 +25,34 @@
   "dependencies": {
     "@babel/runtime-corejs3": "7.20.6",
     "core-js": "3.26.1",
-    "jsonwebtoken": "8.5.1",
-    "uuid": "9.0.0"
+    "jsonwebtoken": "8.5.1"
   },
   "devDependencies": {
-    "@auth0/auth0-spa-js": "1.22.5",
-    "@azure/msal-browser": "2.30.0",
     "@babel/cli": "7.19.3",
     "@babel/core": "7.20.5",
-    "@clerk/clerk-js": "3.17.0",
-    "@clerk/clerk-react": "3.5.1",
-    "@clerk/clerk-sdk-node": "3.9.2",
-    "@clerk/types": "2.21.0",
     "@magic-sdk/admin": "1.4.1",
     "@nhost/hasura-auth-js": "1.4.1",
     "@nhost/nhost-js": "1.4.10",
     "@okta/jwt-verifier": "2.6.0",
     "@okta/okta-auth-js": "6.9.0",
-    "@redwoodjs/auth": "3.2.0",
-    "@redwoodjs/cli-helpers": "3.2.0",
-    "@simplewebauthn/browser": "6.2.1",
-    "@simplewebauthn/typescript-types": "6.2.1",
-    "@supabase/supabase-js": "1.35.7",
+    "@redwoodjs/api": "3.2.0",
+    "@types/aws-lambda": "8.10.107",
     "@types/jsonwebtoken": "8.5.9",
-    "@types/netlify-identity-widget": "1.9.3",
-    "@types/react": "17.0.50",
-    "@types/uuid": "8.3.4",
-    "firebase": "9.10.0",
-    "firebase-admin": "10.3.0",
     "gotrue-js": "0.9.29",
     "jest": "29.3.1",
     "magic-sdk": "9.1.1",
-    "netlify-identity-widget": "1.9.2",
-    "react": "17.0.2",
-    "supertokens-auth-react": "0.26.5",
     "typescript": "4.7.4"
   },
   "peerDependencies": {
-    "@clerk/clerk-react": "3.5.1",
-    "@clerk/clerk-sdk-node": "3.9.2",
     "@magic-sdk/admin": "1.4.1",
-    "@okta/jwt-verifier": "2.6.0",
-    "firebase-admin": "10.3.0"
+    "@okta/jwt-verifier": "2.6.0"
   },
   "peerDependenciesMeta": {
-    "@clerk/clerk-react": {
-      "optional": true
-    },
-    "@clerk/clerk-sdk-node": {
-      "optional": true
-    },
     "@magic-sdk/admin": {
       "optional": true
     },
     "@okta/jwt-verifier": {
       "optional": true
-    },
-    "firebase-admin": {
-      "optional": true
     }
   },
   "gitHead": "3905ed045508b861b495f8d5630d76c7a157d8f1"

packages/auth-providers-api/src/index.ts

@@ -1,11 +1,5 @@
-export { authDecoder as clerkAuthDecoder } from './clerk/decoder'
-export { authDecoder as dbAuthAuthDecoder } from './dbAuth/decoder'
 export { authDecoder as ethereumAuthDecoder } from './ethereum/decoder'
 export { authDecoder as goTrueAuthDecoder } from './goTrue/decoder'
 export { authDecoder as magicLinkAuthDecoder } from './magicLink/decoder'
 export { authDecoder as nhostAuthDecoder } from './nhost/decoder'
 export { authDecoder as oktaAuthDecoder } from './okta/decoder'
-export { authDecoder as supabaseAuthDecoder } from './supabase/decoder'
-export { authDecoder as supertokensAuthDecoder } from './supertokens/decoder'
-
-export { hashPassword, DbAuthHandler, DbAuthHandlerOptions } from './dbAuth'

packages/auth-providers-setup/jest.config.js

@@ -1,5 +1,4 @@
 /** @type {import('@jest/types').Config.InitialOptions} */
 module.exports = {
-  testEnvironment: 'jest-environment-jsdom',
   testPathIgnorePatterns: ['fixtures', 'dist'],
 }

packages/auth-providers-setup/package.json

@@ -24,16 +24,13 @@
   },
   "dependencies": {
     "@babel/runtime-corejs3": "7.20.6",
-    "@redwoodjs/auth": "3.2.0",
     "@redwoodjs/cli-helpers": "3.2.0",
-    "core-js": "3.26.1",
-    "secure-random-password": "0.2.3"
+    "core-js": "3.26.1"
   },
   "devDependencies": {
     "@babel/cli": "7.19.3",
     "@babel/core": "7.20.5",
-    "@types/react": "17.0.50",
-    "@types/secure-random-password": "0.2.1",
+    "@types/yargs": "17.0.13",
     "jest": "29.3.1",
     "typescript": "4.7.4"
   },

packages/auth-providers-setup/src/index.ts

@@ -1,9 +1,5 @@
-export * as setupAuthClerkCommand from './clerk/setup'
-export * as setupAuthDbAuthCommand from './dbAuth/setup'
 export * as setupAuthEthereumCommand from './ethereum/setup'
 export * as setupAuthGoTrueCommand from './goTrue/setup'
 export * as setupAuthMagicLinkCommand from './magicLink/setup'
 export * as setupAuthNhostCommand from './nhost/setup'
 export * as setupAuthOktaCommand from './okta/setup'
-export * as setupAuthSupabaseCommand from './supabase/setup'
-export * as setupAuthSupertokensCommand from './supertokens/setup'

packages/auth-providers-web/jest.config.js

@@ -1,8 +1,5 @@
-const path = require('path')
-
 /** @type {import('@jest/types').Config.InitialOptions} */
 module.exports = {
   testEnvironment: 'jest-environment-jsdom',
   testPathIgnorePatterns: ['fixtures', 'dist'],
-  resolver: path.resolve(__dirname, './resolver.js'),
 }

packages/auth-providers-web/package.json

@@ -25,60 +25,32 @@
   },
   "dependencies": {
     "@babel/runtime-corejs3": "7.20.6",
-    "core-js": "3.26.1",
-    "uuid": "9.0.0"
+    "core-js": "3.26.1"
   },
   "devDependencies": {
-    "@auth0/auth0-spa-js": "1.22.5",
-    "@azure/msal-browser": "2.30.0",
     "@babel/cli": "7.19.3",
     "@babel/core": "7.20.5",
-    "@clerk/clerk-js": "3.17.0",
-    "@clerk/clerk-react": "3.5.1",
-    "@clerk/clerk-sdk-node": "3.9.2",
-    "@clerk/types": "2.21.0",
     "@nhost/hasura-auth-js": "1.4.1",
     "@nhost/nhost-js": "1.4.10",
     "@okta/okta-auth-js": "6.9.0",
     "@redwoodjs/auth": "3.2.0",
-    "@simplewebauthn/browser": "6.2.1",
-    "@simplewebauthn/typescript-types": "6.2.1",
-    "@supabase/supabase-js": "1.35.7",
-    "@types/netlify-identity-widget": "1.9.3",
     "@types/react": "17.0.50",
-    "@types/uuid": "8.3.4",
-    "firebase": "9.10.0",
-    "firebase-admin": "10.3.0",
     "gotrue-js": "0.9.29",
     "jest": "29.3.1",
     "magic-sdk": "9.1.1",
-    "netlify-identity-widget": "1.9.2",
     "react": "17.0.2",
-    "supertokens-auth-react": "0.26.5",
     "typescript": "4.7.4"
   },
   "peerDependencies": {
-    "@clerk/clerk-react": "3.5.1",
-    "@clerk/clerk-sdk-node": "3.9.2",
     "@magic-sdk/admin": "1.4.1",
-    "@okta/jwt-verifier": "2.6.0",
-    "firebase-admin": "10.3.0"
+    "@okta/jwt-verifier": "2.6.0"
   },
   "peerDependenciesMeta": {
-    "@clerk/clerk-react": {
-      "optional": true
-    },
-    "@clerk/clerk-sdk-node": {
-      "optional": true
-    },
     "@magic-sdk/admin": {
       "optional": true
     },
     "@okta/jwt-verifier": {
       "optional": true
-    },
-    "firebase-admin": {
-      "optional": true
     }
   },
   "gitHead": "3905ed045508b861b495f8d5630d76c7a157d8f1"

packages/auth-providers-web/src/index.ts

@@ -1,9 +1,5 @@
-export { createClerkAuth } from './clerk/clerk'
-export { createDbAuth } from './dbAuth/dbAuth'
 export { createEthereumAuth } from './ethereum/ethereum'
 export { createGoTrueAuth } from './goTrue/goTrue'
 export { createMagicLinkAuth } from './magicLink/magicLink'
 export { createNhostAuth } from './nhost/nhost'
 export { createOktaAuth } from './okta/okta'
-export { createSupabaseAuth } from './supabase/supabase'
-export { createSuperTokensAuth } from './supertokens/supertokens'

packages/auth-providers/clerk/api/.babelrc.js

@@ -0,0 +1 @@
+module.exports = { extends: '../../../../babel.config.js' }

packages/auth-providers/clerk/api/README.md

@@ -0,0 +1,141 @@
+# Authentication
+
+## Contributing
+
+If you want to contribute a new auth provider integration we recommend you
+start by implementing it as a custom auth provider in a Redwood App first. When
+that works you can package it up as an npm package and publish it on your own.
+You can then create a PR on this repo with support for your new auth provider
+in our `yarn rw setup auth` cli command. The easiest option is probably to just
+look at one of the existing auth providers in
+`packages/cli/src/commands/setup/auth/providers` and the corresponding
+templates in `../templates`.
+
+If you need help setting up a custom auth provider there's more info in the
+[auth docs](https://redwoodjs.com/docs/authentication).
+
+### Contributing to the base auth implementation
+
+If you want to contribute to our auth implementation, the interface towards
+both auth service providers and RW apps we recommend you start looking in
+`authFactory.ts` and then continue to `AuthProvider.tsx`. `AuthProvider.tsx`
+has most of our implementation together with all the custom hooks it uses.
+Another file to be accustomed with is `AuthContext.ts`. The interface in there
+has pretty god code comments, and is what will be exposed to RW apps.
+
+## getCurrentUser
+
+`getCurrentUser` returns the user information together with
+an optional collection of roles used by requireAuth() to check if the user is authenticated or has role-based access.
+
+Use in conjunction with `requireAuth` in your services to check that a user is logged in, whether or not they are assigned a role, and optionally raise an error if they're not.
+
+```js
+@param decoded - The decoded access token containing user info and JWT claims like `sub`
+@param { token, SupportedAuthTypes type } - The access token itself as well as the auth provider type
+@param { APIGatewayEvent event, Context context } - An object which contains information from the invoker
+such as headers and cookies, and the context information about the invocation such as IP Address
+```
+
+### Examples
+
+#### Checks if currentUser is authenticated
+
+This example is the standard use of `getCurrentUser`.
+
+```js
+export const getCurrentUser = async (decoded, { _token, _type }, { _event, _context }) => {
+  return { ...decoded, roles: parseJWT({ decoded }).roles }
+}
+```
+
+#### User details fetched via database query
+
+```js
+export const getCurrentUser = async (decoded) => {
+  return await db.user.findUnique({ where: { decoded.email } })
+}
+```
+
+#### User info is decoded from the access token
+
+```js
+export const getCurrentUser = async (decoded) => {
+  return { ...decoded }
+}
+```
+
+#### User info is contained in the decoded token and roles extracted
+
+```js
+export const getCurrentUser = async (decoded) => {
+  return { ...decoded, roles: parseJWT({ decoded }).roles }
+}
+```
+
+#### User record query by email with namespaced app_metadata roles as Auth0 requires custom JWT claims to be namespaced
+
+```js
+export const getCurrentUser = async (decoded) => {
+  const currentUser = await db.user.findUnique({ where: { email: decoded.email } })
+
+  return {
+    ...currentUser,
+    roles: parseJWT({ decoded: decoded, namespace: NAMESPACE }).roles,
+  }
+}
+```
+
+#### User record query by an identity with app_metadata roles
+
+```js
+const getCurrentUser = async (decoded) => {
+  const currentUser = await db.user.findUnique({ where: { userIdentity: decoded.sub } })
+  return {
+    ...currentUser,
+    roles: parseJWT({ decoded: decoded }).roles,
+  }
+}
+```
+
+#### Cookies and other request information are available in the req parameter, just in case
+
+```js
+const getCurrentUser = async (_decoded, _raw, { event, _context }) => {
+  const cookies = cookie(event.headers.cookies)
+  const session = cookies['my.cookie.name']
+  const currentUser = await db.sessions.findUnique({ where: { id: session } })
+  return currentUser
+}
+```
+
+
+## requireAuth
+
+ Use `requireAuth` in your services to check that a user is logged in, whether or not they are assigned a role, and optionally raise an error if they're not.
+
+```js
+@param {string=} roles - An optional role or list of roles
+@param {string[]=} roles - An optional list of roles
+
+@returns {boolean} - If the currentUser is authenticated (and assigned one of the given roles)
+
+@throws {AuthenticationError} - If the currentUser is not authenticated
+@throws {ForbiddenError} If the currentUser is not allowed due to role permissions
+```
+
+### Examples
+
+#### Checks if currentUser is authenticated
+
+```js
+requireAuth()
+```
+
+#### Checks if currentUser is authenticated and assigned one of the given roles
+
+```js
+ requireAuth({ role: 'admin' })
+ requireAuth({ role: ['editor', 'author'] })
+ requireAuth({ role: ['publisher'] })
+```

packages/auth-providers/clerk/api/jest.config.js

@@ -0,0 +1,4 @@
+/** @type {import('@jest/types').Config.InitialOptions} */
+module.exports = {
+  testPathIgnorePatterns: ['fixtures', 'dist'],
+}