Medusa plugins

Configuration

In order to be able to use the auth0 authentication provider, you have to add the configuration to your newly added plugins. To do so here are the steps

Configure your auth0 developer console

Go to your medusa-config.js

Check that the variables are set with the appropriate values

const BACKEND_URL = process.env.BACKEND_URL || "localhost:9000"
const ADMIN_URL = process.env.ADMIN_URL || "localhost:7000"
const STORE_URL = process.env.STORE_URL || "localhost:8000"
 
const Auth0ClientId = process.env.AUTH0_CLIENT_ID || ""
const Auth0ClientSecret = process.env.AUTH0_CLIENT_SECRET || ""
const Auth0Domain = process.env.AUTH0_DOMAIN || ""

Then in your plugins collections, if you did not already inserted the plugin, add the following otherwise, you can just add the auth0 options to your auth plugin options

{
resolve: "medusa-plugin-auth",
/** @type {import('medusa-plugin-auth').AuthOptions} */
options: [
  {
    type: "auth0",
    // strict: "all", // or "none" or "store" or "admin"
    strict: "none",
    identifier: "auth0",
    clientID: Auth0ClientId,
    clientSecret: Auth0ClientSecret,
    auth0Domain: Auth0Domain,
    admin: {
      callbackUrl: `${BACKEND_URL}/admin/auth/auth0/cb`,
      failureRedirect: `${ADMIN_URL}/login`,
      // The success redirect can be overridden from the client by adding a query param `?redirectTo=your_url` to the auth url
      // This query param will have the priority over this configuration
      successRedirect: `${ADMIN_URL}/`
    },
    store: {
      callbackUrl: `${BACKEND_URL}/store/auth/auth0/cb`,
      failureRedirect: `${STORE_URL}/login`,
      // The success redirect can be overridden from the client by adding a query param `?redirectTo=your_url` to the auth url
      // This query param will have the priority over this configuration
      successRedirect: `${STORE_URL}/`
    }
  }
]
}

The options that are commented are optional and the value that you see are the default values

Update your client to add the authentication action

After authentication is successfull, the user will be redirected to the successRedirect url with a ?access_token=your_token query param and a session cookie will be set. Session will automatically be authenticated. The access token is a JWT that can be used with Authorization: Bearer <token> header to authenticate requests to the backend instead of using a session cookie.

Default behaviour

The default verifyCallback flow looks as follow (unless the strict option is changed to none or store or admin depending on the targeted domain)

for the admin
- if the user trying to authenticate exists
  - then we are looking in the metadata to find if the strategy identifier is present in authProvider.
    - If it is not, the user authentication gets rejected.
    - In the case it is present, then the user authentication gets authorized.
- if the user trying to authenticate does not exist, an unauthorized error will be returned
for the store
- if the customer trying to authenticate exists
  - then we are looking in the metadata to find if the strategy identifier is present in authProvider.
    - If none are found, then the customer gets authenticated and can proceed and the metadata gets updated.
    - In the case another external authentication method have been used in the past, then an unauthorized will be returned.
- if the customer trying to authenticate does not exist, a new customer will be created with a randomly generated password and the authentication flow follow the previous point

Request only access token in a JSON response

If you are using your Medusa application with a SPA or mobile frontend, you can request opt to receive the access token in a JSON response instead of a redirect.

To do this, you have to add ?returnAccessToken=true query parameter to your authentication call. Your authentication URL will then look like this: ${medusa_url}/${authPath}?returnAccessToken=true

The response will look like this:

{
    access_token: "<your-jwt-token>"
}

Linkedin Firebase