Fair Supply - Docs

Auth0 Infrastructure

Auth0 handles authentication and organisation-based SSO for the FSA Platform.

Key Files

Type | Location
Auth0 Client | packages/core/src/infrastructure/auth0/client.ts
Auth Utilities | apps/web/src/lib/auth.ts
Repositories | packages/core/src/infrastructure/repositories/auth0-*-repository.ts

Authentication Flow

Authentication is handled by Next.js middleware (proxy.ts). Unauthenticated users are redirected automatically.

JWT Claims

interface Auth0User {
  sub: string;           // Auth0 user ID (auth0|abc123)
  email: string;
  email_verified: boolean;
  name?: string;
  org_id?: string;       // Auth0 organisation ID
}

Organisation-Based SSO

Each Account links to an Auth0 Organisation for SSO.

Linking Account to Auth0 Org

const useCase = new CreateAndLinkAuth0Organisation();
await useCase.execute({ accountId, orgName, auth0UserId });

Management API

// packages/core/src/infrastructure/auth0/client.ts
import { ManagementClient } from 'auth0';

const management = new ManagementClient({
  domain: process.env.AUTH0_DOMAIN!,
  clientId: process.env.AUTH0_MGMT_CLIENT_ID!,
  clientSecret: process.env.AUTH0_MGMT_CLIENT_SECRET!,
});

Common Operations

// Create organisation
await management.organizations.create({ name: 'slug', display_name: 'Name' });

// Invite member
await management.organizations.createInvitation(
  { id: orgId },
  { inviter: { name }, invitee: { email }, client_id, send_invitation_email: true }
);

// Get members
await management.organizations.getMembers({ id: orgId });

// Check user exists
const users = await management.users.getByEmail(email);

Environment Variables

AUTH0_DOMAIN=your-tenant.auth0.com
AUTH0_CLIENT_ID=xxx
AUTH0_CLIENT_SECRET=xxx
AUTH0_MGMT_CLIENT_ID=xxx
AUTH0_MGMT_CLIENT_SECRET=xxx

Best Practices

  1. Rely on middleware for auth - proxy.ts handles authentication
  2. Sync with local data - keep User entity updated with Auth0
  3. Handle org context - check org_id claim for multi-tenant
  4. Validate roles server-side - never trust client claims
  5. Secure Management API - keep credentials safe
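
Practices 3 and 4 as an added example (not code from the FSA Platform): a server-side check that runs after the middleware has verified the token. `Account.auth0OrgId`, the `memberships` map, the role names and `authorizeAccountAccess` are assumptions made for illustration.

```typescript
// Added example. Auth0User is copied from the JWT Claims section; every other name is hypothetical.
interface Auth0User {
  sub: string;
  email: string;
  email_verified: boolean;
  name?: string;
  org_id?: string;
}

type Role = 'viewer' | 'member' | 'admin';
const ROLE_RANK: Record<Role, number> = { viewer: 0, member: 1, admin: 2 };

// Hypothetical local Account record holding the linked Auth0 organisation ID.
interface Account { id: string; auth0OrgId: string | null; }

type Decision = { allowed: true; role: Role } | { allowed: false; reason: string };

// Constructed sample data standing in for a server-side membership store.
const memberships = new Map<string, Role>([
  ['acc_1:auth0|alice', 'admin'],
  ['acc_1:auth0|bob', 'viewer'],
]);

function authorizeAccountAccess(user: Auth0User, account: Account, required: Role): Decision {
  // Fail closed: an account with no linked organisation cannot be matched.
  if (!account.auth0OrgId) return { allowed: false, reason: 'account_not_linked' };
  // A token issued outside an organisation login carries no org_id.
  if (!user.org_id) return { allowed: false, reason: 'no_org_context' };
  // Compare with the organisation stored for the account, never one named in the request.
  if (user.org_id !== account.auth0OrgId) return { allowed: false, reason: 'org_mismatch' };
  // The role comes from the server-side store keyed by account and sub,
  // not from any role field the client sends.
  const role = memberships.get(`${account.id}:${user.sub}`);
  if (!role) return { allowed: false, reason: 'not_a_member' };
  if (ROLE_RANK[role] < ROLE_RANK[required]) return { allowed: false, reason: 'insufficient_role' };
  return { allowed: true, role };
}

// Flattens a Decision to a single string for logging or tests.
function reasonFor(d: Decision): string {
  return d.allowed ? 'ok' : d.reason;
}
```
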

Type | Location
Client | packages/core/src/infrastructure/auth0/client.ts
Middleware | apps/web/src/middleware.ts
Auth Utilities | apps/web/src/lib/auth.ts
Repositories | packages/core/src/infrastructure/repositories/auth0-*-repository.ts