feat(auth0): switch from cosmiconfig to configliere (#362)

[a-kriya]

Motivation

Migrates from cosmiconfig to in-house configliere for parsing configuration options.

Adds a protocol config option to allow users to choose serving over http or https.

[pkg-pr-new]

Open in StackBlitz

npm i https://pkg.pr.new/@simulacrum/auth0-simulator@363

npm i https://pkg.pr.new/@simulacrum/foundation-simulator@363

npm i https://pkg.pr.new/@simulacrum/github-api-simulator@363

npm i https://pkg.pr.new/@simulacrum/server@363

commit: 08812b3

[frontsidejack]

Package Changes Through 08812b3

There are 4 changes which include @simulacrum/auth0-simulator with minor, @simulacrum/server with noop, @simulacrum/foundation-simulator with minor, @simulacrum/github-api-simulator with minor

Planned Package Versions

The following package releases are the planned based on the context of changes in this pull request.

package	current	next
@simulacrum/server	0.8.0	0.8.0
@simulacrum/foundation-simulator	0.6.1	0.7.0
@simulacrum/auth0-simulator	0.11.4	0.12.0
@simulacrum/github-api-simulator	0.6.4	0.7.0

Add another change file through the GitHub UI by following this link.

---

Read about change files or the docs at github.com/jbolda/covector

[a-kriya]

@jbolda Will you be able to help test this, and make improvements. I can't login with the default user due to SSL errors even when setting PROTOCOL=http.

[jbolda]

Hmm, how are you testing it out? If it uses the auth0 libs, those tend to throw errors if they aren't pointing at https. Is that the error you are getting? That is why we had the instructions to use mkcert on first run. I might expect the tests to pass at least without setting up that cert.

[a-kriya]

I was running the start script, which executes ./example/index.mts. Then going to the /login route and entering the default user credentials. Auth0 webAuth was hitting https://localhost because the domain passed to it did not specify protocol (domain: new URL(serviceURL(req)).host). I'll ignore that for now.

For the unit tests, I modified them in a separate commit to pass protocol: 'http' option, so they now all pass without depending on system state.

[jbolda]

As a bit of a separate question, do you have some requirements that prevent you from installing a local dev-only cert? I was considering automating that process more, a few libs can help some with it, but it the ramifications of trying to do it automatically were unclear.

[a-kriya]

Not really, mkcert is a dependency that hasn't been maintained for a few years. While I realize it might just be "complete" and doesn't require further work, I was just a bit wary of installing it and wanted to first figure out if the test suite can pass without it. And it did, so if it provides the same confidence it seems like an improvement because of a simpler setup.

Regardless, if you want to drop the third commit of this PR, please feel free.

[jbolda]

I think clientID was explicitly used as that aligns with Auth0 docs. Could we confirm that and maybe link it to their docs for future reference?

[a-kriya]

The WebAuth instantiation in views/login.ts still specifies clientID, but using it as our config option was creating --client-i-d and CLIENT_I_D as the parameters.

[jbolda]

Ahhh I see. @cowboyd do we have a good way to deal with this?

[jbolda]

It looks like you have some good progress here. We will need to parse with a file as well. The inject is the new part of the API to help in handling it. This example that uses the newer inject which we will need to load a config file. After we have our parser, the return of that is effectively an object. That object is what we can pass directly to the auth0 simulator.

[jbolda]

The slight adjustment here is that we don't do the config handling here. args.options should just be passed all of the data that we get from config. We won't parse in this function as that should be complete by the time we call this function. I don't think it will create a breaking change as before and after we only have an object. This distinction though means we can do more advanced parsing and pass in the result here.

[a-kriya]

How would start.cjs look? Would index.ts export getConfig which start.cjs will call and pass to simulation()?

[jbolda]

Yep! Or at least the config parser. getConfig() could probably be removed as you would want to handle commands and then call simulation only in some cases (instead of the early return that you have).