Loading...
Authentication as a ServiceBackend as a Service

Webtask + mLab + Auth0

Hello guys,

In this post, I will approach the joint services available in the cloud called Webtask.io and mlab, creating a REST service for recording and obtaining a list of records and still using authentication capabilities using the platform Auth0.

Well, I’ll start the post with some contextualization:

What is the Webtask.io?
The proposed of Webtask is allow to you an remote code execution on a server without the need to prepare an environment for code execution. The Webtask platform runs in NodeJS, therefore a prior knowledge about this technology is necessary.

For we use the Webtask platform, create an account using this link. After your registration, you will be able to use the service free of charge with some limitations.

The great advantage of using this service is that we can keep our authenticated calls based on applications created within the Auth0 platform, ensuring that only authenticated users can make use.

After the registration in Webtask platform, the Webtask platform CLI installation is required, so you can make the deployment of your code, to install, run the following command in your terminal:

1
$ npm install wt-cli -g

After installation, you must start CLI configuration using the command:

1
$ wt init [YOUR-EMAIL-ACCOUNT-AT-Auth0]

Okay, we already have a valid account on the Auth0 platform, and we enable our account in Webtask platform and set up our command line so we can send our tasks to the server in the cloud.

What is the mlab?
mlab is a service that aims to provide the Database-as-a-Service (DaaS) for MongoDB. The concept of Database as a Service came up with the intention of providing a database instance configured in the cloud for our use, you do not need advanced knowledge of DBMS’s management to consume the service. When creating an account, the service will be automatically configured, requiring only the definition of the database name, its users and privileges (in most DaaS providers)

The next step is create an account on mlab service, which will allow us to have an instance of a free MongoDB in the cloud to effectuate their consumption using services running in Webtask.

After the registration in mlab, we will make the creation of an instance of MongoDB:

After creating the database, configuration of users and passwords for the connection is needed with MongoDB:

And as a result:

Ok, we are ready to start the development of our code to make deploy at Webtask.io.

Well, the first concept that we must remember is that we do not have physical access to the server. Our code will be sent via CLI, in this way we do not have access to install modules of NodeJS. First of all check which modules in NodeJS that are available for our use. To do this check, please use this link.

The second very important concept is that it is not mandatory to use authentication for use of services in Webtask.io, meaning you can make the deployment of a task in the service and it does not need to implement any safety routine in any application linked to profile in Auth0. However, in this article we will make an approach to authenticate requests.

If you haven’t made the configuration of an application at Auth0, I suggest you read this article.

Ok, the first task that we publish, is a task that has as objective get a POST with a JSON containing an activity to be stored in our MongoDB server, simulating the development of a “ToDo” application.

For this, we will create a file called new-task.js with the following content:

Modules for implementation

1
2
3
var app = new (require('express'))();
var wt = require('webtask-tools');
var MongoClient = require('mongodb').MongoClient;

Function to obtain a connection with MongoDB

1
2
3
4
5
6
7
8
9
10
function getCollection(url) {
  return new Promise( (resolve, reject) => {
      MongoClient.connect(url, (error, db) => {
        if(error) {
            return reject(error);
        }
        resolve(db.collection('tasks'));
    });
  });
}

Function to save a “task” in a collection at MongoDB

1
2
3
4
5
6
7
8
9
10
function saveTask(doc, collection) {
  return new Promise( (resolve, reject) => {
    collection.insertOne(doc, (error, result) => {
        if (error) {
            return reject(error);
        }
        resolve(result);
      });
  });
}

Making the registration of the task in the previous collection

1
2
3
4
5
6
7
8
9
app.post('*', function (req, res) {
    const task = {
        task: req.webtaskContext.data.task
    }
    getCollection(req.webtaskContext.data.MONGO_URL)
        .then(collection => saveTask(task, collection))
        .then(post       => res.status(200).json(post))
        .catch(err       => res.status(500).end('Error: ' + err.message));
});

Expose service, and requesting its authentication via .auth0() method

1
module.exports = wt.fromExpress(app).auth0();

Some considerations can be made here. Realize that not disclose any restrictions regarding user token validation on each request, and also not reported in our new-task.js file the connection string with the MongoDB.

This information is passed into the Webtask platform, via the command line at the time of application deployment.

The deployment must be done via command line, as shown below:

1
2
3
wt create -s AUTH0_CLIENT_ID="" -s AUTH0_CLIENT_SECRET="" -s AUTH0_DOMAIN="" -s MONGO_URL="" new-task.js
Webtask created
You can access your webtask at the following url: https://webtask.it.auth0.com/api/run/[YOUR-ID]/new-task?webtask_no_cache=1

Realize that I’m telling four parameters with the -s option (secret). Three of them concerning my authentication credentials of my application in Auth0 platform, and one of them corresponds to my connection URL MongoDB, obtained in mlab platform.

So you can properly test the application, you simply inform the parameters correctly and in sequence, run the query stating how your Token URL parameter obtained the authentication of its user in Auth0. For this, the above URL would be: https://webtask.it.auth0.com/api/run/[YOUR-ID]/new-task?access_token=[YOUR-TOKEN].

In this example on github, I added two services, one for recording a record (new-task.js), and a second service, to read the tasks registered in MongoDB (list-task.js).

Any questions, just post a comment here!

Leave a Reply

Your email address will not be published. Required fields are marked *