Using Auth0 to authenticate #818

Open
diegodambra opened this issue Sep 21, 2024 · 2 comments

@diegodambra

I'm trying to enable the Auth0 authentication.

Currently I'm able to access the rs-ui login window, click login, enter credentials using Auth0's Universal Login, and get redirected back to Restreamer at http://localhost:3000/?address=http://localhost:8080. The load spinner is active for 5s and then an error appears. Chrome inspect reveals the failure: a POST to the endpoint /api/login with an Authorization header carrying a Bearer token; the error is "Missing authorization credentials".

RS-Core started with:
docker run --rm -it --name rs-test --hostname test.restreaming.com -p 8080:8080 -p 6000:6000/udp --env CORE_API_AUTH_USERNAME=admin --env CORE_API_AUTH_PASSWORD=test --env CORE_API_AUTH_AUTH0_ENABLE=true --env CORE_API_AUTH_AUTH0_TENANTS='auth0://MY_CLIENT_ID@MY_TENANT.eu.auth0.com?aud=https://api.MYDOMAIN.com&user=auth0|USER_ID' -v rs-dev-data:/core/data -v rs-dev-config:/core/config datarhei/restreamer:latest

Has somebody got Auth0 to work and would like to share their setup?

@diegodambra
Author

I believe I got a working solution. The problem is with the rs-UI auth0.js file, because of changes to @auth0/auth0-spa-js.

After mapping client_id from the tenants env to clientId, the /authorize request works, but then the token received from Auth0 is an encrypted access token (JWE) instead of the expected signed token (JWS), which is what rs-Core understands. The issue is the absence of the audience parameter in the getTokenSilently retrieval process. Without specifying the correct audience, Auth0 issues default tokens that don't align with API requirements, resulting in encrypted tokens being issued instead of signed ones.

Token structure validated using jwt.io, now has the correct format:

{
  "alg": "RS256",
  "typ": "JWT",
  "kid": "YOUR_KEY_ID"
}

I'll do some more testing, then make a pull request.
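
An added illustration of the JWE-versus-JWS distinction described in the comment above (not part of the original thread, and not Restreamer or Auth0 code): a small Node.js check that classifies a compact token by its structure and flags a missing audience. The function names and sample tokens are constructed; the audience, `kid` and user values are the placeholders used in the thread, and RS256 is assumed from the header shown there.

```javascript
// Structural inspection only: this does NOT verify the signature. The API
// must still validate the token against the tenant's signing keys.
function decodeSegment(segment) {
  const obj = JSON.parse(Buffer.from(segment, "base64url").toString("utf8"));
  if (obj === null || typeof obj !== "object") throw new Error("not a JSON object");
  return obj;
}

function inspectAccessToken(token, expectedAudience) {
  const parts = String(token).split(".");
  const result = { kind: "unknown", header: null, problems: [] };
  if (parts.length !== 3 && parts.length !== 5) {
    result.problems.push("not a compact JWS (3 parts) or JWE (5 parts)");
    return result;
  }
  try {
    result.header = decodeSegment(parts[0]);
  } catch (err) {
    result.problems.push("header is not base64url-encoded JSON");
    return result;
  }
  // A JWE has five segments and an "enc" header; its claims are not readable.
  if (parts.length === 5 || "enc" in result.header) {
    result.kind = "JWE";
    result.problems.push("encrypted token: was it requested without the API audience?");
    return result;
  }
  result.kind = "JWS";
  if (result.header.alg !== "RS256") {
    result.problems.push(`unexpected alg: ${result.header.alg}`);
  }
  try {
    // "aud" may be a single string or an array of strings.
    const aud = [].concat(decodeSegment(parts[1]).aud ?? []);
    if (!aud.includes(expectedAudience)) {
      result.problems.push(`aud does not contain ${expectedAudience}`);
    }
  } catch (err) {
    result.problems.push("payload is not base64url-encoded JSON");
  }
  return result;
}

// Constructed sample tokens (placeholder values, dummy ciphertext and signature).
const AUDIENCE = "https://api.MYDOMAIN.com";
const seg = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
const sampleJwe = [seg({ alg: "dir", enc: "A256GCM" }), "", "aXY", "Y3Q", "dGFn"].join(".");
const sampleJws = [seg({ alg: "RS256", typ: "JWT", kid: "YOUR_KEY_ID" }),
  seg({ aud: [AUDIENCE], sub: "auth0|USER_ID" }), "c2ln"].join(".");
console.log(inspectAccessToken(sampleJwe, AUDIENCE).kind, inspectAccessToken(sampleJws, AUDIENCE).kind);
```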

@diegodambra
Author

Made PR, please take a look, thanks.

datarhei/restreamer-ui#65
