sqass · bhargavjulaganti · Mar 24, 2024
diff --git a/README.md b/README.md
@@ -143,3 +143,6 @@ Create a PUT request for the API endpoint `/api/candy` , with below requestBody
 </details>
 
 
+
+
+
diff --git a/api-server/.env b/api-server/.env
@@ -0,0 +1,2 @@
+AUDIENCE=http://localhost:3010
+ISSUER_BASE_URL=https://dev-zzqedh33f717ukmd.us.auth0.com
diff --git a/api-server/app.js b/api-server/app.js
@@ -1,9 +1,17 @@
 const express = require('express');
 const app = express();
+const { auth, requiredScopes } = require('express-oauth2-jwt-bearer');
+require('dotenv').config();
 const port = 3000; // You can change the port as needed
 
 app.use(express.json());
 
+if (!process.env.ISSUER_BASE_URL || !process.env.AUDIENCE) {
+  throw 'Make sure you have ISSUER_BASE_URL, and AUDIENCE in your .env file';
+}
+
+const checkJwt = auth();
+
 // Sample candy data
 const candyData = [
   {
@@ -84,7 +92,11 @@ app.put('/api/candy/', (req, res) => {
   res.json(candyData[candyIndex]);
 });
 
-
+app.get('/api/private/candy', checkJwt, function(req, res) {
+  res.json({
+    message: 'Hello from a private endpoint! You need to be authenticated to hit the candy store'
+  });
+});
 
 
 app.listen(port, () => {

diff --git a/api-server/package-lock.json b/api-server/package-lock.json
diff --git a/api-server/package.json b/api-server/package.json
@@ -12,6 +12,8 @@
     "body-parser": "^1.20.2",
     "cors": "^2.8.5",
     "express": "^4.18.2",
-    "jsonwebtoken": "^9.0.2"
+    "jsonwebtoken": "^9.0.2",
+    "express-oauth2-jwt-bearer": "^1.6.0",
+    "dotenv": "^10.0.0"
   }
 }
diff --git a/candy-api-tests/playwright.config.ts b/candy-api-tests/playwright.config.ts
@@ -1,5 +1,16 @@
 import { defineConfig, devices } from '@playwright/test';
 
+// Define your secrets
+export const config = {
+  // Other configurations...
+  secrets: {
+    client_id: 'XKDpzYJvVgsF7N6AgiGr0joOgEPQ06CR',
+    client_secret: 'bA4b3p8a72kiAS8SU4KJLZqEYEI2Kbo0PaHATS0VATLEV4aEITKhbeS16RUHVNw1',
+    // Add more secrets as needed
+  },
+};
+
+
 /**
  * Read environment variables from file.
  * https://github.com/motdotla/dotenv
@@ -30,6 +41,7 @@ export default defineConfig({
     trace: 'on-first-retry',
   },
 
+
   /* Configure projects for major browsers */
   projects: [
     {

diff --git a/candy-api-tests/tests/api-candy-auth0-tests.spec.ts b/candy-api-tests/tests/api-candy-auth0-tests.spec.ts
@@ -0,0 +1,28 @@
+import { expect, test } from '@playwright/test'
+import { config } from '../playwright.config';
+
+test('get private endpoint', async ( {request})=> {
+
+    const tokenResponse = await request.post('https://dev-zzqedh33f717ukmd.us.auth0.com/oauth/token', {
+        data: {
+            "client_id": config.secrets.client_id,
+            "client_secret": config.secrets.client_secret,
+            "audience": "http://localhost:3010",
+            "grant_type": "client_credentials"
+        }
+      });
+
+    expect(tokenResponse.status()).toBe(200);  
+
+    const tokenResponseAsJson = await tokenResponse.json();
+
+
+    const response = await request.get('http://localhost:3000/api/private/candy', {
+        headers: {
+            'Authorization': `Bearer ${tokenResponseAsJson.access_token}`,
+        }
+    });
+    const responseAsJson = await response.json();
+
+    expect(response.status()).toBe(200);
+})
Original file line number	Diff line number	Diff line change
Expand Up		@@ -143,3 +143,6 @@ Create a PUT request for the API endpoint `/api/candy` , with below requestBody
		</details>
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		AUDIENCE=http://localhost:3010
		ISSUER_BASE_URL=https://dev-zzqedh33f717ukmd.us.auth0.com