Download a sample project.

System Requirements

This tutorial and seed project have been tested with the following:

  • 1.4.5
  • NodeJS 5.0.0

1. Set up the Allowed Origin (CORS) in Auth0

Go to the Application Settings section in the Auth0 dashboard and make sure to add your URL as an Allowed Origin (CORS). If you're testing it locally, it should contain the following value:


2. Installation

Install socketio-jwt from npm and save it to your package.json using

npm install --save socketio-jwt

3. Add the Auth0 Script and Set the Viewport

Add the code below to the index.html file to include the Auth0 lock script and set the viewport:

<!-- Auth0Lock script -->
<script src=""></script>

<!-- Setting the right viewport -->
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no" />

4. Configure Auth0Lock

Configure Auth0Lock with your clientId and domain:

var lock = null;
$(document).ready(function() {
   lock = new Auth0Lock('YOUR_CLIENT_ID', 'YOUR_NAMESPACE');

To discover all the available options, see User configurable options.

5. Implement the Login

To implement the login, call the .show() method of Auth0's lock instance when a user clicks the login button, and save the JWT token to localStorage for later use in calling a server or an API:

var userProfile;
var userToken = localStorage.getItem('userToken');;

lock.on('authenticated', function(authResult) {
    lock.getProfile(authResult.idToken, function(error, profile) {
        if (error) {
            // Handle error
        localStorage.setItem('userToken', authResult.idToken);
        userProfile = profile;
        userToken = authResult.idToken;

if (userToken) {
    lock.getProfile(userToken, function (err, profile) {
        if (err) {
            return alert('There was an error getting the profile: ' + err.message);
        userProfile = profile;

$('#login button').click(function(e){

6. Set Authorization for

Add the following to your index.js file.

var app = require('express')();
var http = require('http').Server(app);
var io = require('')(http);
var socketioJwt = require('socketio-jwt');

  .on('connection', socketioJwt.authorize({
    secret: Buffer('YOUR_CLIENT_SECRET', 'base64'),
    timeout: 15000 // 15 seconds to send the authentication message
  })).on('authenticated', function(socket) {
    //this socket is authenticated, we are good to handle more events from it.
    console.log('hello! ' + JSON.stringify(socket.decoded_token));

Note: If you are not using a base64-encoded secret, then you don't need to convert it to a Buffer, so you can use: secret: 'your secret or public key'.

7. Load the

Add the following snippet before the </body> on index.html

<script src="/"></script>
  var socket = io();
  socket.on('connect', function () {
  socket.on('authenticated', function () {

  .emit('authenticate', {token: userToken}); // send the jwt

No URL is specified when doing var socket = io();, because the default behaviour is to connect to the host that serves the page.

Try Auth0 for FREECreate free Account