This example shows how to implement OpenID Connect user authentication and authorization in Lowdefy, and how to use role-based authorization. More information on user authentication and authorization can be found in the Lowdefy docs.
Auth0 is used as an OpenID Connect provider, and a MongoDB database and an Auth0 login rule are used to create an "invite only" authentication service, in which only users who have been added by an administrator are allowed to access the app.
This app has a public page that anybody can access, and a protected page that only logged-in users can access. It also has profile and edit profile pages, where users can view and edit their profile, and user admin pages, which allow users with the "admin" role to view, create and edit users.
Create a free MongoDB database cluster hosted by MongoDB Atlas at www.mongodb.com/try.
In the Database access section, create a database user with read access to any database.
In the main cluster view, click "connect", then "Connect your application". This will give you a MongoDB URI connection string. Use the credentials you just created in the connection string.
You can read more about the Lowdefy MongoDB connector.
Sign up for an Auth0 tenant at auth0.com.
Create a new application. An Auth0 application is an OpenID Connect client. Choose a "Regular Web Application".
Configure the application in the settings tab.
The things you should configure are:
Allowed Callback URLs:
http://localhost:3000/auth/openid-callback,https://your-custom-domain.example.com/auth/openid-callback
Allowed Logout URLs:
http://localhost:3000/logged-out, https://your-custom-domain.example.com/logged-out
Make sure to save the changes.
You will need the "Domain", "Client ID", and "Client Secret" from the basic information section of the settings tab.
You will need to create a JSON web token secret. This secret should be a long, randomly generated string. Your app will use it to sign the tokens used to authorize users. You can run the following command in the command console to generate the key:
node -e "console.log(require('crypto').randomBytes(256).toString('base64'));"
We recommend using a different key in your development and production environments.
Create a .env file in your project folder. It should contain the following:
LOWDEFY_SECRET_MONGODB_URI = YOUR_MONGODB_CONNECTION_STRING
LOWDEFY_SECRET_OPENID_CLIENT_ID = YOUR_AUTHO_CLIENT_ID
LOWDEFY_SECRET_OPENID_CLIENT_SECRET = YOUR_AUTHO_CLIENT_SECRET
LOWDEFY_SECRET_OPENID_DOMAIN = YOUR_AUTHO_DOMAIN
LOWDEFY_SECRET_JWT_SECRET = YOUR_SECRET_KEY
The LOWDEFY_SECRET_OPENID_DOMAIN value should contain the https:// URL protocol prefix.
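As an added example (not part of this README's or the Lowdefy project's own code), the following Node.js script lints the text of a .env file against the requirements above: all five secrets present, no leftover placeholders, an https:// domain, and a JWT secret of reasonable length. The function names, the 32-byte floor and the sample values are assumptions made for this example.

```javascript
const REQUIRED = ['MONGODB_URI', 'OPENID_CLIENT_ID', 'OPENID_CLIENT_SECRET',
  'OPENID_DOMAIN', 'JWT_SECRET'].map((name) => `LOWDEFY_SECRET_${name}`);
const MIN_JWT_SECRET_BYTES = 32; // assumption: floor picked for this example

// Parse "KEY = value" lines; blank lines and # comments do not match.
function parseEnv(text) {
  const env = {};
  for (const line of text.split(/\r?\n/)) {
    const m = line.match(/^\s*([\w.-]+)\s*=\s*(.*?)\s*$/);
    if (m) env[m[1]] = m[2].replace(/^(['"])(.*)\1$/, '$2');
  }
  return env;
}

// Return a list of human-readable problems; an empty list means the file passes.
function checkLowdefyEnv(text) {
  const env = parseEnv(text);
  const problems = [];
  const isPlaceholder = (v) => /^YOUR_/.test(v);
  for (const key of REQUIRED) {
    const value = env[key] || '';
    if (!value) problems.push(`${key} is missing or empty`);
    else if (isPlaceholder(value)) problems.push(`${key} still holds a placeholder`);
  }
  const domain = env.LOWDEFY_SECRET_OPENID_DOMAIN || '';
  if (domain && !isPlaceholder(domain) && !domain.startsWith('https://')) {
    problems.push('LOWDEFY_SECRET_OPENID_DOMAIN must start with https://');
  }
  const secret = env.LOWDEFY_SECRET_JWT_SECRET || '';
  if (secret && !isPlaceholder(secret) &&
      Buffer.from(secret, 'base64').length < MIN_JWT_SECRET_BYTES) {
    problems.push(`LOWDEFY_SECRET_JWT_SECRET decodes to fewer than ${MIN_JWT_SECRET_BYTES} bytes`);
  }
  return problems;
}

// True when two environments (e.g. development and production) share a JWT secret.
function sharesJwtSecret(envTextA, envTextB) {
  const a = parseEnv(envTextA).LOWDEFY_SECRET_JWT_SECRET;
  return Boolean(a) && a === parseEnv(envTextB).LOWDEFY_SECRET_JWT_SECRET;
}
// Constructed sample input, not a real configuration.
const SAMPLE_ENV = [
  'LOWDEFY_SECRET_MONGODB_URI = mongodb+srv://user:pass@cluster0.example.net/app',
  'LOWDEFY_SECRET_OPENID_CLIENT_ID = YOUR_AUTHO_CLIENT_ID',
  'LOWDEFY_SECRET_OPENID_DOMAIN = example-tenant.auth0.com',
  'LOWDEFY_SECRET_JWT_SECRET = c2hvcnQ=',
].join('\n');
console.log(checkLowdefyEnv(SAMPLE_ENV));
```

To check your own file, pass `checkLowdefyEnv` the text returned by `fs.readFileSync('.env', 'utf8')`.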
In the command console, navigate to your project folder and run the Lowdefy CLI: npx lowdefy@latest dev
- Getting started with Lowdefy - https://docs.lowdefy.com/tutorial-start
- Lowdefy docs - https://docs.lowdefy.com
- Lowdefy website - https://lowdefy.com
- Community forum - https://github.com/lowdefy/lowdefy/discussions
- Bug reports and feature requests - https://github.com/lowdefy/lowdefy/issues