server.js

const express = require('express');
const app = express();
const jwt = require('express-jwt');
const path = require('path');
const jwtAuthz = require('express-jwt-authz');
const jwksRsa = require('jwks-rsa');
const cors = require('cors');
require('dotenv').config();
const bodyParser = require('body-parser');
const AuthenticationClient = require('auth0').AuthenticationClient;
const ManagementClient = require('auth0').ManagementClient;

const auth0 = new AuthenticationClient({
  domain: `${process.env.AUTH0_DOMAIN}`,
  clientId: `${process.env.AUTH0_CLIENTID}`
});

const PORT = process.env.PORT || 3010;

if (!process.env.AUTH0_DOMAIN || !process.env.AUTH0_AUDIENCE) {
  throw 'Make sure you have AUTH0_DOMAIN, and AUTH0_AUDIENCE in your .env file';
}

const corsOptions =  {
  origin: 'http://localhost:3000'
};
app.use(cors(corsOptions));

let apiAccessToken = '';
const request = require("request");
const options = { method: 'POST',
  url: `https://${process.env.AUTH0_DOMAIN}/oauth/token`,
  headers: { 'content-type': 'application/json' },
  body:
    { grant_type: 'client_credentials',
      client_id: `${process.env.AUTH0_API_CLIENTID}`,
      client_secret: `${process.env.AUTH0_API_CLIENTSECRET}`,
      audience: `https://${process.env.AUTH0_DOMAIN}/api/v2/`,
      scope: 'read:users_app_metadata',
    },
  json: true };
request(options, function (error, response, body) {
  if (error) throw new Error(error);
  apiAccessToken = body.access_token;
  console.log(apiAccessToken);
});



app.use(bodyParser.urlencoded({ extended: false }));

const checkJwt = jwt({
  // Dynamically provide a signing key based on the kid in the header and the singing keys provided by the JWKS endpoint.
  secret: jwksRsa.expressJwtSecret({
    cache: true,
    rateLimit: true,
    jwksRequestsPerMinute: 5,
    jwksUri: `https://${process.env.AUTH0_DOMAIN}/.well-known/jwks.json`
  }),

  // Validate the audience and the issuer.
  audience: process.env.AUTH0_AUDIENCE,
  issuer: `https://${process.env.AUTH0_DOMAIN}/`,
  algorithms: ['RS256']
});

const checkScopes = jwtAuthz(['read:messages']);

// Serve static files from the React app
app.use(express.static(path.join(__dirname, '../client/build')));

app.get('/api/public', function(req, res) {
  res.json({
    message: 'Hello from a public endpoint! You don\'t need to be authenticated to see this.'
  });
});

app.get('/api/private', checkJwt, function(req, res) {
  // console.dir(req.query);
  const access_token = req.query.access_token;
  auth0.users.getInfo(access_token, (err,user)=>{
    const management = new ManagementClient({
      domain: `${process.env.AUTH0_DOMAIN}`,
      token: apiAccessToken,
      clientId: `${process.env.AUTH0_API_CLIENTID}`,
      scope: 'read:users_app_metadata'
    });
    management.getUser({ id: user.sub }, function (err, user) {
      console.log('mgmt0.getUser user roles:', user.app_metadata.roles);
    });
  });

  res.json({
    message: 'Hello from a private endpoint! You need to be authenticated to see this.'
  });
});

app.get('/api/private-scoped', checkJwt, checkScopes, function(req, res) {
  res.json({
    message: 'Hello from a private endpoint! You need to be authenticated and have a scope of read:messages to see this.'
  });
});


// *** Mongo
// const loadMongo = require('./loadMongo');




app.use(function(err, req, res, next){
  console.error(err.stack);
  return res.status(err.status).json({ message: err.message });
});

// The "catchall" handler: for any request that doesn't
// match one above, send back React's index.html file.
app.get('*', (req, res) => {
  res.sendFile(path.join(__dirname+'/../client/build/index.html'));
});

app.listen(PORT);
// console.log('Listening on http://localhost:'+PORT);
console.log('Listening on port:'+PORT);