@mastra/auth-auth0 0.10.0

package/dist/index.d.cts

@@ -0,0 +1 @@
+export { MastraAuthAuth0 } from './_tsup-dts-rollup.cjs';

package/dist/index.d.ts

@@ -0,0 +1 @@
+export { MastraAuthAuth0 } from './_tsup-dts-rollup.js';

package/dist/index.js

@@ -0,0 +1,355 @@
+import { SpanKind, trace, context, propagation, SpanStatusCode } from './chunk-JLXWUSDO.js';
+import { createRemoteJWKSet, jwtVerify } from 'jose';
+
+// ../../packages/core/dist/chunk-EWDGXKOQ.js
+function hasActiveTelemetry(tracerName = "default-tracer") {
+  try {
+    return !!trace.getTracer(tracerName);
+  } catch {
+    return false;
+  }
+}
+function getBaggageValues(ctx) {
+  const currentBaggage = propagation.getBaggage(ctx);
+  const requestId = currentBaggage?.getEntry("http.request_id")?.value;
+  const componentName = currentBaggage?.getEntry("componentName")?.value;
+  const runId = currentBaggage?.getEntry("runId")?.value;
+  return {
+    requestId,
+    componentName,
+    runId
+  };
+}
+function withSpan(options) {
+  return function(_target, propertyKey, descriptor) {
+    if (!descriptor || typeof descriptor === "number") return;
+    const originalMethod = descriptor.value;
+    const methodName = String(propertyKey);
+    descriptor.value = function(...args) {
+      if (options?.skipIfNoTelemetry && !hasActiveTelemetry(options?.tracerName)) {
+        return originalMethod.apply(this, args);
+      }
+      const tracer = trace.getTracer(options?.tracerName ?? "default-tracer");
+      let spanName;
+      let spanKind;
+      if (typeof options === "string") {
+        spanName = options;
+      } else if (options) {
+        spanName = options.spanName || methodName;
+        spanKind = options.spanKind;
+      } else {
+        spanName = methodName;
+      }
+      const span = tracer.startSpan(spanName, { kind: spanKind });
+      let ctx = trace.setSpan(context.active(), span);
+      args.forEach((arg, index) => {
+        try {
+          span.setAttribute(`${spanName}.argument.${index}`, JSON.stringify(arg));
+        } catch {
+          span.setAttribute(`${spanName}.argument.${index}`, "[Not Serializable]");
+        }
+      });
+      const { requestId, componentName, runId } = getBaggageValues(ctx);
+      if (requestId) {
+        span.setAttribute("http.request_id", requestId);
+      }
+      if (componentName) {
+        span.setAttribute("componentName", componentName);
+        span.setAttribute("runId", runId);
+      } else if (this && this.name) {
+        span.setAttribute("componentName", this.name);
+        span.setAttribute("runId", this.runId);
+        ctx = propagation.setBaggage(
+          ctx,
+          propagation.createBaggage({
+            // @ts-ignore
+            componentName: { value: this.name },
+            // @ts-ignore
+            runId: { value: this.runId },
+            // @ts-ignore
+            "http.request_id": { value: requestId }
+          })
+        );
+      }
+      let result;
+      try {
+        result = context.with(ctx, () => originalMethod.apply(this, args));
+        if (result instanceof Promise) {
+          return result.then((resolvedValue) => {
+            try {
+              span.setAttribute(`${spanName}.result`, JSON.stringify(resolvedValue));
+            } catch {
+              span.setAttribute(`${spanName}.result`, "[Not Serializable]");
+            }
+            return resolvedValue;
+          }).finally(() => span.end());
+        }
+        try {
+          span.setAttribute(`${spanName}.result`, JSON.stringify(result));
+        } catch {
+          span.setAttribute(`${spanName}.result`, "[Not Serializable]");
+        }
+        return result;
+      } catch (error) {
+        span.setStatus({
+          code: SpanStatusCode.ERROR,
+          message: error instanceof Error ? error.message : "Unknown error"
+        });
+        if (error instanceof Error) {
+          span.recordException(error);
+        }
+        throw error;
+      } finally {
+        if (!(result instanceof Promise)) {
+          span.end();
+        }
+      }
+    };
+    return descriptor;
+  };
+}
+function InstrumentClass(options) {
+  return function(target) {
+    const methods = Object.getOwnPropertyNames(target.prototype);
+    methods.forEach((method) => {
+      if (options?.excludeMethods?.includes(method) || method === "constructor") return;
+      if (options?.methodFilter && !options.methodFilter(method)) return;
+      const descriptor = Object.getOwnPropertyDescriptor(target.prototype, method);
+      if (descriptor && typeof descriptor.value === "function") {
+        Object.defineProperty(
+          target.prototype,
+          method,
+          withSpan({
+            spanName: options?.prefix ? `${options.prefix}.${method}` : method,
+            skipIfNoTelemetry: true,
+            spanKind: options?.spanKind || SpanKind.INTERNAL,
+            tracerName: options?.tracerName
+          })(target, method, descriptor)
+        );
+      }
+    });
+    return target;
+  };
+}
+
+// ../../packages/core/dist/chunk-XXVGT7SJ.js
+var RegisteredLogger = {
+  LLM: "LLM"};
+var LogLevel = {
+  DEBUG: "debug",
+  INFO: "info",
+  WARN: "warn",
+  ERROR: "error"};
+var MastraLogger = class {
+  name;
+  level;
+  transports;
+  constructor(options = {}) {
+    this.name = options.name || "Mastra";
+    this.level = options.level || LogLevel.ERROR;
+    this.transports = new Map(Object.entries(options.transports || {}));
+  }
+  getTransports() {
+    return this.transports;
+  }
+  async getLogs(transportId) {
+    if (!transportId || !this.transports.has(transportId)) {
+      return [];
+    }
+    return this.transports.get(transportId).getLogs() ?? [];
+  }
+  async getLogsByRunId({ transportId, runId }) {
+    if (!transportId || !this.transports.has(transportId) || !runId) {
+      return [];
+    }
+    return this.transports.get(transportId).getLogsByRunId({ runId }) ?? [];
+  }
+};
+var ConsoleLogger = class extends MastraLogger {
+  constructor(options = {}) {
+    super(options);
+  }
+  debug(message, ...args) {
+    if (this.level === LogLevel.DEBUG) {
+      console.debug(message, ...args);
+    }
+  }
+  info(message, ...args) {
+    if (this.level === LogLevel.INFO || this.level === LogLevel.DEBUG) {
+      console.info(message, ...args);
+    }
+  }
+  warn(message, ...args) {
+    if (this.level === LogLevel.WARN || this.level === LogLevel.INFO || this.level === LogLevel.DEBUG) {
+      console.warn(message, ...args);
+    }
+  }
+  error(message, ...args) {
+    if (this.level === LogLevel.ERROR || this.level === LogLevel.WARN || this.level === LogLevel.INFO || this.level === LogLevel.DEBUG) {
+      console.error(message, ...args);
+    }
+  }
+  async getLogs(_transportId) {
+    return [];
+  }
+  async getLogsByRunId(_args) {
+    return [];
+  }
+};
+
+// ../../packages/core/dist/chunk-JOCKZ2US.js
+var MastraBase = class {
+  component = RegisteredLogger.LLM;
+  logger;
+  name;
+  telemetry;
+  constructor({ component, name }) {
+    this.component = component || RegisteredLogger.LLM;
+    this.name = name;
+    this.logger = new ConsoleLogger({ name: `${this.component} - ${this.name}` });
+  }
+  /**
+   * Set the logger for the agent
+   * @param logger
+   */
+  __setLogger(logger) {
+    this.logger = logger;
+    if (this.component !== RegisteredLogger.LLM) {
+      this.logger.debug(`Logger updated [component=${this.component}] [name=${this.name}]`);
+    }
+  }
+  /**
+   * Set the telemetry for the
+   * @param telemetry
+   */
+  __setTelemetry(telemetry) {
+    this.telemetry = telemetry;
+    if (this.component !== RegisteredLogger.LLM) {
+      this.logger.debug(`Telemetry updated [component=${this.component}] [name=${this.telemetry.name}]`);
+    }
+  }
+  /**
+   * Get the telemetry on the vector
+   * @returns telemetry
+   */
+  __getTelemetry() {
+    return this.telemetry;
+  }
+  /* 
+    get experimental_telemetry config
+    */
+  get experimental_telemetry() {
+    return this.telemetry ? {
+      // tracer: this.telemetry.tracer,
+      tracer: this.telemetry.getBaggageTracer(),
+      isEnabled: !!this.telemetry.tracer
+    } : void 0;
+  }
+};
+
+// ../../packages/core/dist/chunk-C6A6W6XS.js
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __knownSymbol = (name, symbol) => (symbol = Symbol[name]) ? symbol : Symbol.for("Symbol." + name);
+var __typeError = (msg) => {
+  throw TypeError(msg);
+};
+var __defNormalProp = (obj, key, value) => key in obj ? __defProp(obj, key, {
+  enumerable: true,
+  configurable: true,
+  writable: true,
+  value
+}) : obj[key] = value;
+var __name = (target, value) => __defProp(target, "name", {
+  value,
+  configurable: true
+});
+var __decoratorStart = (base) => [, , , __create(base?.[__knownSymbol("metadata")] ?? null)];
+var __decoratorStrings = ["class", "method", "getter", "setter", "accessor", "field", "value", "get", "set"];
+var __expectFn = (fn) => fn !== void 0 && typeof fn !== "function" ? __typeError("Function expected") : fn;
+var __decoratorContext = (kind, name, done, metadata, fns) => ({
+  kind: __decoratorStrings[kind],
+  name,
+  metadata,
+  addInitializer: (fn) => done._ ? __typeError("Already initialized") : fns.push(__expectFn(fn || null))
+});
+var __decoratorMetadata = (array, target) => __defNormalProp(target, __knownSymbol("metadata"), array[3]);
+var __runInitializers = (array, flags, self, value) => {
+  for (var i = 0, fns = array[flags >> 1], n = fns && fns.length; i < n; i++) fns[i].call(self) ;
+  return value;
+};
+var __decorateElement = (array, flags, name, decorators, target, extra) => {
+  var it, done, ctx, k = flags & 7, p = false;
+  var j = 0;
+  var extraInitializers = array[j] || (array[j] = []);
+  var desc = k && ((target = target.prototype), k < 5 && (k > 3 || !p) && __getOwnPropDesc(target , name));
+  __name(target, name);
+  for (var i = decorators.length - 1; i >= 0; i--) {
+    ctx = __decoratorContext(k, name, done = {}, array[3], extraInitializers);
+    it = (0, decorators[i])(target, ctx), done._ = 1;
+    __expectFn(it) && (target = it);
+  }
+  return __decoratorMetadata(array, target), desc && __defProp(target, name, desc), p ? k ^ 4 ? extra : desc : target;
+};
+
+// ../../packages/core/dist/server/index.js
+var _MastraAuthProvider_decorators;
+var _init;
+var _a;
+_MastraAuthProvider_decorators = [InstrumentClass({
+  prefix: "auth",
+  excludeMethods: ["__setTools", "__setLogger", "__setTelemetry", "#log"]
+})];
+var MastraAuthProvider = class extends (_a = MastraBase) {
+  constructor(options) {
+    super({
+      component: "AUTH",
+      name: options?.name
+    });
+    if (options?.authorizeUser) {
+      this.authorizeUser = options.authorizeUser.bind(this);
+    }
+  }
+  registerOptions(opts) {
+    if (opts?.authorizeUser) {
+      this.authorizeUser = opts.authorizeUser.bind(this);
+    }
+  }
+};
+MastraAuthProvider = /* @__PURE__ */ ((_) => {
+  _init = __decoratorStart(_a);
+  MastraAuthProvider = __decorateElement(_init, 0, "MastraAuthProvider", _MastraAuthProvider_decorators, MastraAuthProvider);
+  __runInitializers(_init, 1, MastraAuthProvider);
+  return MastraAuthProvider;
+})();
+var MastraAuthAuth0 = class extends MastraAuthProvider {
+  domain;
+  audience;
+  constructor(options) {
+    super({ name: options?.name ?? "auth0" });
+    const domain = options?.domain ?? process.env.AUTH0_DOMAIN;
+    const audience = options?.audience ?? process.env.AUTH0_AUDIENCE;
+    if (!domain || !audience) {
+      throw new Error(
+        "Auth0 domain and audience are required, please provide them in the options or set the environment variables AUTH0_DOMAIN and AUTH0_AUDIENCE"
+      );
+    }
+    this.domain = domain;
+    this.audience = audience;
+    this.registerOptions(options);
+  }
+  async authenticateToken(token) {
+    const JWKS = createRemoteJWKSet(new URL(`https://${this.domain}/.well-known/jwks.json`));
+    const { payload } = await jwtVerify(token, JWKS, {
+      issuer: `https://${this.domain}/`,
+      audience: this.audience
+    });
+    return payload;
+  }
+  async authorizeUser(user) {
+    return !!user;
+  }
+};
+
+export { MastraAuthAuth0 };

package/eslint.config.js

@@ -0,0 +1,6 @@
+import { createConfig } from '@internal/lint/eslint';
+
+const config = await createConfig();
+
+/** @type {import("eslint").Linter.Config[]} */
+export default [...config];

package/package.json

@@ -0,0 +1,40 @@
+{
+  "name": "@mastra/auth-auth0",
+  "version": "0.10.0",
+  "description": "Mastra Auth0 Auth integration",
+  "type": "module",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "exports": {
+    ".": {
+      "import": {
+        "types": "./dist/index.d.ts",
+        "default": "./dist/index.js"
+      },
+      "require": {
+        "types": "./dist/index.d.cts",
+        "default": "./dist/index.cjs"
+      }
+    },
+    "./package.json": "./package.json"
+  },
+  "license": "Elastic-2.0",
+  "dependencies": {
+    "jose": "^6.0.11"
+  },
+  "devDependencies": {
+    "@types/node": "^22.13.1",
+    "eslint": "^9.25.1",
+    "tsup": "^8.4.0",
+    "typescript": "^5.8.3",
+    "vitest": "^2.1.9",
+    "@internal/lint": "0.0.8",
+    "@mastra/core": "0.10.2"
+  },
+  "scripts": {
+    "build": "tsup src/index.ts --format esm,cjs --experimental-dts --clean --treeshake",
+    "build:watch": "pnpm build --watch",
+    "test": "vitest run",
+    "lint": "eslint ."
+  }
+}

package/src/index.test.ts

@@ -0,0 +1,112 @@
+import { jwtVerify, createRemoteJWKSet } from 'jose';
+import { beforeEach, afterEach, describe, expect, test, vi } from 'vitest';
+import { MastraAuthAuth0 } from './index';
+
+// Mock jose library
+vi.mock('jose', () => ({
+  createRemoteJWKSet: vi.fn(),
+  jwtVerify: vi.fn(),
+}));
+
+describe('MastraAuthAuth0', () => {
+  beforeEach(() => {
+    process.env.AUTH0_DOMAIN = 'test-domain.auth0.com';
+    process.env.AUTH0_AUDIENCE = 'test-audience';
+    vi.clearAllMocks();
+  });
+
+  afterEach(() => {
+    delete process.env.AUTH0_DOMAIN;
+    delete process.env.AUTH0_AUDIENCE;
+  });
+
+  describe('constructor', () => {
+    test('initializes with environment variables', () => {
+      const auth0 = new MastraAuthAuth0();
+      expect(auth0['domain']).toBe('test-domain.auth0.com');
+      expect(auth0['audience']).toBe('test-audience');
+    });
+
+    test('initializes with provided options', () => {
+      const auth0 = new MastraAuthAuth0({
+        domain: 'custom-domain.auth0.com',
+        audience: 'custom-audience',
+      });
+      expect(auth0['domain']).toBe('custom-domain.auth0.com');
+      expect(auth0['audience']).toBe('custom-audience');
+    });
+
+    test('throws error when domain is missing', () => {
+      delete process.env.AUTH0_DOMAIN;
+      expect(() => new MastraAuthAuth0()).toThrow();
+    });
+
+    test('throws error when audience is missing', () => {
+      delete process.env.AUTH0_AUDIENCE;
+      expect(() => new MastraAuthAuth0()).toThrow();
+    });
+  });
+
+  describe('authenticateToken', () => {
+    test('verifies JWT and returns payload', async () => {
+      const mockJWKS = vi.fn();
+      (createRemoteJWKSet as any).mockReturnValue(mockJWKS);
+      (jwtVerify as any).mockResolvedValue({
+        payload: { sub: 'user123', permissions: ['read'] },
+      });
+
+      const auth0 = new MastraAuthAuth0();
+      const result = await auth0.authenticateToken('test-token');
+
+      expect(createRemoteJWKSet).toHaveBeenCalledWith(new URL('https://test-domain.auth0.com/.well-known/jwks.json'));
+      expect(jwtVerify).toHaveBeenCalledWith('test-token', mockJWKS, {
+        issuer: 'https://test-domain.auth0.com/',
+        audience: 'test-audience',
+      });
+      expect(result).toEqual({ sub: 'user123', permissions: ['read'] });
+    });
+
+    test('handles JWT verification failure', async () => {
+      (createRemoteJWKSet as any).mockReturnValue(vi.fn());
+      (jwtVerify as any).mockRejectedValue(new Error('Invalid token'));
+
+      const auth0 = new MastraAuthAuth0();
+      await expect(auth0.authenticateToken('invalid-token')).rejects.toThrow('Invalid token');
+    });
+  });
+
+  describe('authorizeUser', () => {
+    test('returns true for valid user', async () => {
+      const auth0 = new MastraAuthAuth0();
+      const result = await auth0.authorizeUser({ sub: 'user123' });
+      expect(result).toBe(true);
+    });
+
+    test('returns false for null/undefined user', async () => {
+      const auth0 = new MastraAuthAuth0();
+      const result = await auth0.authorizeUser(null as any);
+      expect(result).toBe(false);
+    });
+
+    test('can be overridden with custom authorization logic', async () => {
+      const auth0 = new MastraAuthAuth0({
+        async authorizeUser(user: any): Promise<boolean> {
+          // Custom authorization logic that checks for specific permissions
+          return user?.permissions?.includes('admin') ?? false;
+        },
+      });
+
+      // Test with admin user
+      const adminUser = { sub: 'user123', permissions: ['admin'] };
+      expect(await auth0.authorizeUser(adminUser)).toBe(true);
+
+      // Test with non-admin user
+      const regularUser = { sub: 'user456', permissions: ['read'] };
+      expect(await auth0.authorizeUser(regularUser)).toBe(false);
+
+      // Test with user without permissions
+      const noPermissionsUser = { sub: 'user789' };
+      expect(await auth0.authorizeUser(noPermissionsUser)).toBe(false);
+    });
+  });
+});

package/src/index.ts

@@ -0,0 +1,49 @@
+import { MastraAuthProvider } from '@mastra/core/server';
+import type { MastraAuthProviderOptions } from '@mastra/core/server';
+
+import { createRemoteJWKSet, jwtVerify } from 'jose';
+import type { JWTPayload } from 'jose';
+
+type Auth0User = JWTPayload;
+
+interface MastraAuthAuth0Options extends MastraAuthProviderOptions<Auth0User> {
+  domain?: string; // set this to your Auth0 domain
+  audience?: string; // set this to your Auth0 API identifier
+}
+
+export class MastraAuthAuth0 extends MastraAuthProvider<Auth0User> {
+  protected domain: string;
+  protected audience: string;
+  constructor(options?: MastraAuthAuth0Options) {
+    super({ name: options?.name ?? 'auth0' });
+
+    const domain = options?.domain ?? process.env.AUTH0_DOMAIN;
+    const audience = options?.audience ?? process.env.AUTH0_AUDIENCE;
+
+    if (!domain || !audience) {
+      throw new Error(
+        'Auth0 domain and audience are required, please provide them in the options or set the environment variables AUTH0_DOMAIN and AUTH0_AUDIENCE',
+      );
+    }
+
+    this.domain = domain;
+    this.audience = audience;
+
+    this.registerOptions(options);
+  }
+
+  async authenticateToken(token: string): Promise<Auth0User | null> {
+    const JWKS = createRemoteJWKSet(new URL(`https://${this.domain}/.well-known/jwks.json`));
+
+    const { payload } = await jwtVerify(token, JWKS, {
+      issuer: `https://${this.domain}/`,
+      audience: this.audience,
+    });
+
+    return payload;
+  }
+
+  async authorizeUser(user: Auth0User) {
+    return !!user;
+  }
+}

package/tsconfig.json

@@ -0,0 +1,5 @@
+{
+  "extends": "../../tsconfig.node.json",
+  "include": ["src/**/*"],
+  "exclude": ["node_modules", "**/*.test.ts"]
+}

package/vitest.config.ts

@@ -0,0 +1,8 @@
+import { defineConfig } from 'vitest/config';
+
+export default defineConfig({
+  test: {
+    globals: true,
+    include: ['src/**/*.test.ts'],
+  },
+});