Skip to main content
A new Beta version of this quickstart is available using the @auth0/auth0-express SDK, which will soon replace this guide. Try the Beta quickstart →

Use AI to integrate Auth0

If you use an AI coding assistant like Claude Code, Cursor, or GitHub Copilot, you can add Auth0 authentication automatically in minutes using agent skills.Install:
Then ask your AI assistant:
Your AI assistant will automatically create your Auth0 application, fetch credentials, install express-openid-connect, configure the middleware, and set up your routes. Full agent skills documentation →
Prerequisites: Before you begin, ensure you have the following installed:
  • Node.js 18 LTS or newer
  • npm 10+ or yarn 1.22+
  • jq - Required for Auth0 CLI setup (optional)
Express Version Compatibility: This quickstart works with Express 4.17.0 and newer.

Get Started

This guide demonstrates how to integrate Auth0, add authentication, and display user profile information in an Express.js web application using the express-openid-connect SDK.

1. Create a new project

Create a new directory for your Express application and initialize a Node.js project.
Create the project structure:

2. Install the Auth0 Express SDK

Install express-openid-connect along with Express and dotenv for environment variable management.
For development, install nodemon to automatically restart your server on file changes:
Update your package.json to add start scripts: 📁 package.json

3. Setup your Auth0 App

Next, you need to create a new application on your Auth0 tenant and add the environment variables to your project. You can choose to set up your Auth0 app automatically by running a CLI command, or do it manually via the Dashboard:
Run the following shell command in your project’s root directory to create an Auth0 application and generate your .env file:
This command will:
  1. Check if you’re authenticated (and prompt for login if needed)
  2. Create an Auth0 Regular Web Application configured for http://localhost:3000
  3. Generate a .env file with ISSUER_BASE_URL, CLIENT_ID, SECRET, and BASE_URL

4. Configure the middleware

Add the Auth0 middleware to your Express application. The auth() middleware handles session management and automatically creates /login, /logout, and /callback routes. 📁 index.js
What this does:
  • authRequired: false allows both authenticated and unauthenticated users to access routes by default
  • auth0Logout: true ensures users are logged out from Auth0 as well as your app
  • The middleware automatically provides routes at /login, /logout, and /callback
  • User session is stored in an encrypted cookie

5. Create login, logout, and profile routes

Now add routes to display login/logout links and a protected profile page. 📁 index.js
Key points:
  • requiresAuth() middleware protects the /profile route - unauthenticated users are redirected to login
  • req.oidc.user contains the authenticated user’s profile information
  • req.oidc.isAuthenticated() returns a boolean indicating login status
  • Login and logout routes (/login, /logout) are automatically created by the auth() middleware

6. Run your app

Start the development server:
Open your browser to http://localhost:3000.
CheckpointYou should now have a fully functional Auth0 login page. When you:
  1. Click “Login” - you’re redirected to Auth0’s Universal Login page
  2. Complete authentication - you’re redirected back to your app
  3. Visit “/profile” - you see your user information
  4. Click “Logout” - you’re logged out of both your app and Auth0

Advanced Usage

Use the requiresAuth() middleware to protect individual routes that require authentication:
You can also protect all routes under a specific path using Express Router:
To call external APIs that require an access token, configure the SDK to request one:📁 index.js (updated configuration)
Add these to your .env file:
Then use the access token to call your API:
To get refresh tokens, add offline_access to your scope:
Protect routes based on user claims (roles, permissions, etc.):
Claims like role must be added to your tokens via Auth0 Rules or Actions. Learn more about adding custom claims.
For production environments or when running multiple server instances, use a custom session store:
When to use a custom session store:
  • Running multiple server instances (load balancing)
  • Session data exceeds cookie size limits (~4KB)
  • Need session persistence across server restarts
  • Using back-channel logout
Add proper error handling for authentication errors:

Troubleshooting

”Invalid state” error after login

Problem: State mismatch between the authentication request and callback.Solutions:
  1. Ensure you’re using HTTPS in production
  2. Check that cookies are being set correctly (not blocked by browser)
  3. Verify callback URL matches exactly in Auth0 Dashboard

”req.oidc is undefined”

Problem: The auth() middleware is not applied before accessing req.oidc.Solution: Ensure app.use(auth(config)) is called before any route that accesses req.oidc:
Problem: User session data exceeds cookie size limits.Solution: Use a custom session store like Redis:

Callback URL mismatch

Problem: “Callback URL mismatch” error from Auth0.Solution:
  1. Go to your Auth0 Dashboard → Applications → Your App → Settings
  2. Add http://localhost:3000 (or your production URL) to Allowed Callback URLs
  3. The URL must match exactly (including trailing slashes)

Environment variables not loading

Problem: Configuration values are undefined.Solution:
  1. Ensure require('dotenv').config() is at the top of your entry file
  2. Verify .env file is in the root directory
  3. Check for typos in variable names

Next Steps

Now that you have authentication working, consider exploring:

Resources