Create Auth0 SSR Apollo Hasura example

[haf]

Description

Fixes #114

Supercedes #113

It should be noted that 6700 LoC is the yarn.lock file, and the deletions is the previous example that I bootstrapped this one from.

The TLS certificates are optional, requiring cfssl to generate and having a script to do so built in; but I've found that in dev teams and for examples, having them in leads to smoother onboarding, so they're more useful in git than not.

There are two @ts-ignore statements; these can be removed when you either merge #113 or this PR and release a new version; I was never able to get yarn link to work in a PR, nor able to get npm to reference the package as ../.. instead of "^0.13.0". The ignores can then be removed.

I use yarn, because I don't want to keep rm -rf node_modules. Anecdotal evidence; the last 4 months in a dev team; team came from npm before, with yarn in this new project, removing the node_modules directory was never needed for the duration of the project. I prefer this consistency.

You can run/test this PR in three forms:

• yarn && yarn dev — simple, localhost form
• make deploy_dev — deploy on k8s and then you port-forward (but have to make sure your Auth0 matches this forward)
• the above + setting up an ingress, pointing to the certificates I added and having a much more realistic test environment that can include HSTS, certificate pinning, and realistic values for all configuration variables — this is how my teams do their development

Since everything I've found online does it wrong this could potentially be a pretty good pattern to document. (It either only does SSR, it uses cookies, not bearer tokens, has no answers, has wrong answers, it only does client-side, or it has race conditions [like this repo])

@reicheltp Would you fix #109 as part of this PR? I haven't investigated the oidc-client lib and what it's capable of, nor how the signing key/nonces would be saved between stateless replicas or for serverless deployments.

Testing

• This change adds test coverage for new/changed/fixed functionality

I'm not sure how you handle your examples/ testing, but I still think this PR makes them better than what is available right now. Perhaps you could move this lib out of prerelease state as part of merging.

Another curious observation during the writing of this PR, was that if you link to the source directly, client-side rendering in the next dev environment doesn't work, because it loads/typechecks the node-only OIDC-client library.

Checklist

• I have added documentation for new/changed functionality in this PR or in auth0.com/docs
• All active GitHub checks for tests, formatting, and security are passing
• The correct base branch is being used, if not master

[haf]

@james-ff @BjoernRave @mrskish Now please test this PR, so we can merge it and so we can reduce the latency between changes and feedback!

[reicheltp]

@haf The PKCE Support (#109) is only an implementation detail and do neither modify the public API nor requires any changes in the examples. Thus, I think we should target this with a separate PR.

[BjoernRave]

I think this example is maybe a bit too advanced. Especially bringing in kubernetes here will be overwhelming for many.

I also don't think hasura is necessary, a simple graphql or REST api would suffice.

We might want to have one example for graphql and one for REST seperately

[haf]

This PR is done anyway. Merge it then and then refactor to separate examples; it gets easier when you have the withAuth and the UserProvider built into the core, also.

[m-torin]

I also don't think hasura is necessary, a simple graphql or REST api would suffice.

I agree; core examples should be simple enough to fit generic use cases so people learn, not solve all their problems; that's what boilerplates are for. This certainly is a good complex boilerplate though.

[jpwesselink]

Even though this example touches Hasura and Kubernetes I think it is very helpful. Thanks for this!

[haf]

@jpwesselink You're welcome! :)

[Widcket]

Hi @haf, this example is far too complex to be a core example. And with all the changes in the 1.0.0 beta, it's outdated now as well. Thanks anyway for wanting to demonstrate good practices on using this library with Apollo Client. No doubt many will still find it useful.