@Lunia98 Lunia98 commented Aug 7, 2025

By submitting a PR to this repository, you agree to the terms within the Auth0 Code of Conduct. Please see the contributing guidelines for how to create and submit a high-quality PR for this repo.

Caution

This PR includes changes that depend on this other PR in auth0-spa-js. When that one is merged and a release is done, we have to update the dependency before this PR can be merged.

Description

Adds checking to the withAuthenticationRequired HOC, enabling route protection based on specific permissions (audience/scope) rather than just authentication status.

  • Auto-injects audience/scope into getAccessTokenSilently calls
  • Preserves explicit parameters while filling in missing ones
  • Eliminates need to manually pass token scopes repeatedly
  • Optional onError prop for custom authorization error UI
  • Default "Access Denied" component when no custom error provided

Usage

import { useAuth0, withAuthenticationRequired } from '@auth0/auth0-react';

// Protect admin routes with specific permissions
const AdminRoute = withAuthenticationRequired(AdminPanel, {
  loginOptions: {
    authorizationParams: { scope: 'read:admin write:admin' }
  },
  onError: () => <CustomAccessDenied />
});

// Components automatically get scoped tokens
function ProtectedComponent() {
  const { getAccessTokenSilently } = useAuth0();

  // await is only valid inside an async function, so the call lives in a handler
  const loadToken = async () => {
    // This call includes audience/scope from withAuthenticationRequired
    const token = await getAccessTokenSilently();
    return token;
  };
}

Testing

Describe how this can be tested by reviewers. Be specific about anything not tested and reasons why. If this library has unit and/or integration testing, tests should be added for new functionality and existing tests should complete without errors.

Please include any manual steps for testing end-to-end or functionality not covered by unit/integration tests.

Also include details of the environment this PR was developed in (language/platform/browser version).

  • This change adds test coverage for new/changed/fixed functionality

Checklist

  • I have added documentation for new/changed functionality in this PR or in auth0.com/docs
  • All active GitHub checks for tests, formatting, and security are passing
  • The correct base branch is being used, if not the default branch

@Lunia98 Lunia98 self-assigned this Aug 7, 2025
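
An added example, not code from this PR or from the library, of two behaviours the description lists: filling in missing audience/scope while preserving explicit parameters, and deciding when a route should fall back to the access-denied UI. The helper names and the audience value are assumptions made for illustration.

```javascript
// Added example: hypothetical helpers, not the PR's implementation.

// Constructed route requirements; the scope string is the one used in the
// PR's usage snippet, the audience is a made-up placeholder.
const ROUTE = {
  audience: 'https://api.example.test',
  scope: 'read:admin write:admin',
};

// Fill in audience/scope from the route's requirements without overriding
// values the caller passed explicitly. Undefined, null or empty explicit
// values count as missing, so a stray `scope: undefined` cannot silently
// drop the route's scope (a plain object spread would let it through).
function fillAuthorizationParams(routeDefaults, options = {}) {
  const merged = { ...(options.authorizationParams || {}) };
  for (const key of ['audience', 'scope']) {
    const explicit = merged[key];
    const missing = explicit === undefined || explicit === null || explicit === '';
    if (missing && routeDefaults[key]) merged[key] = routeDefaults[key];
  }
  return { ...options, authorizationParams: merged };
}

// Split a space-delimited scope string (RFC 6749 section 3.3) into names.
function parseScopes(scope) {
  return String(scope || '').split(/\s+/).filter(Boolean);
}

// True only when every required scope was actually granted. A missing or
// empty grant fails closed whenever the route requires at least one scope.
function hasRequiredScopes(grantedScope, requiredScope) {
  const granted = new Set(parseScopes(grantedScope));
  return parseScopes(requiredScope).every((name) => granted.has(name));
}

// An explicit, narrower scope is preserved by the merge, so the resulting
// grant may not satisfy the route: that is the access-denied case.
function wouldDeny(routeDefaults, options, grantedScope) {
  const { authorizationParams } = fillAuthorizationParams(routeDefaults, options);
  const requestedOk = hasRequiredScopes(authorizationParams.scope, routeDefaults.scope);
  return !(requestedOk && hasRequiredScopes(grantedScope, routeDefaults.scope));
}
```

A check like this in the browser only decides what to render; the API behind the route still has to validate the audience and scope of the token it receives.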