Node.js Login

Sample Project

Download a sample project specific to this tutorial configured with your Auth0 API Keys.

System Requirements
  • NodeJS 4.3 or higher
  • Express 4.16

Before you start

This guide walks you through setting up authentication and authorization in your Node.js apps with Auth0. If you are new to Auth0, we suggest you check our Overview. For a complete picture of authentication and authorization for regular web apps, check our Single Sign-On for Regular Web Apps documentation.

Auth0 uses OAuth. If you want to learn more about the OAuth flows used by regular web apps, read about Authentication for Server-side Web Apps.

Get Your Application Keys

When you signed up for Auth0, you created a new client.

Your application needs some details about this client to communicate with Auth0. You can get these details from the Settings section for your client in the Auth0 dashboard.

You need the following information:

  • Client ID
  • Domain

If you download the sample from the top of this page, these details are filled out for you. If you have more than one client in your account, the sample comes with the values for your Default App.


Configure Callback URLs

A callback URL is a URL in your application where Auth0 redirects the user after they have authenticated.

You need to whitelist the callback URL for your app in the Allowed Callback URLs field in your Client Settings. If you do not set any callback URL, your users will see a mismatch error when they log in.

If you are following along with the sample project you downloaded from the top of this page, the Callback URL should be set to http://localhost:3000/callback.

Install the Middleware Dependencies

Install the necessary middleware.

# installation with npm
npm install passport passport-auth0 connect-ensure-login --save

# installation with yarn
yarn add passport passport-auth0 connect-ensure-login

Configure the Middleware

Create a new instance of the Auth0Strategy strategy. Enter your Auth0 client details as configuration values. Tell passport to use this strategy.

// app.js

const passport = require('passport');
const Auth0Strategy = require('passport-auth0');

// Configure Passport to use Auth0
const strategy = new Auth0Strategy(
  {
    domain: 'YOUR_AUTH0_DOMAIN',
    clientID: 'YOUR_CLIENT_ID',
    clientSecret: 'YOUR_CLIENT_SECRET',
    callbackURL: 'http://localhost:3000/callback'
  },
  // Verify callback: runs after Auth0 has authenticated the user.
  // profile holds the user's information and becomes req.user.
  (accessToken, refreshToken, extraParams, profile, done) => {
    return done(null, profile);
  }
);

// Tell passport to use this strategy
passport.use(strategy);

// This can be used to keep a smaller payload
passport.serializeUser(function(user, done) {
  done(null, user);
});

passport.deserializeUser(function(user, done) {
  done(null, user);
});

// ...
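
As an added example (not part of the Auth0 sample project), the strategy options can be built from environment variables instead of being hardcoded in app.js, which keeps the client secret out of source control and stops the app from starting with placeholder or malformed values. The AUTH0_CLIENT_SECRET variable name and the loadAuth0Config helper are assumptions of this example, and it needs a Node.js version that provides the global URL class.

```javascript
// Added example. The AUTH0_* names mirror the env object in routes/index.js;
// AUTH0_CLIENT_SECRET and loadAuth0Config are assumptions of this example.
const REQUIRED = ['AUTH0_DOMAIN', 'AUTH0_CLIENT_ID', 'AUTH0_CLIENT_SECRET', 'AUTH0_CALLBACK_URL'];

function loadAuth0Config(env) {
  const problems = [];
  const usable = {};
  for (const name of REQUIRED) {
    const value = (env[name] || '').trim();
    if (!value) {
      problems.push(name + ' is not set');
    } else if (/^YOUR_/.test(value)) {
      // The tutorial's placeholders must never reach a running app.
      problems.push(name + ' still holds a placeholder value');
    } else {
      usable[name] = value;
    }
  }
  // The domain is a bare host name: no scheme, port or path.
  if (usable.AUTH0_DOMAIN && !/^[a-z0-9-]+(\.[a-z0-9-]+)+$/i.test(usable.AUTH0_DOMAIN)) {
    problems.push('AUTH0_DOMAIN must be a bare host name');
  }
  // The callback must be an absolute URL, and plain http is accepted only
  // for local development (the tutorial's http://localhost:3000/callback).
  if (usable.AUTH0_CALLBACK_URL) {
    let url = null;
    try {
      url = new URL(usable.AUTH0_CALLBACK_URL);
    } catch (err) {
      problems.push('AUTH0_CALLBACK_URL is not an absolute URL');
    }
    const local = url && (url.hostname === 'localhost' || url.hostname === '127.0.0.1');
    if (url && url.protocol !== 'https:' && !(url.protocol === 'http:' && local)) {
      problems.push('AUTH0_CALLBACK_URL must use https outside localhost');
    }
  }
  if (problems.length > 0) {
    // Fail at startup and report variable names only, never their values.
    throw new Error('Invalid Auth0 configuration: ' + problems.join('; '));
  }
  return {
    domain: usable.AUTH0_DOMAIN,
    clientID: usable.AUTH0_CLIENT_ID,
    clientSecret: usable.AUTH0_CLIENT_SECRET,
    callbackURL: usable.AUTH0_CALLBACK_URL
  };
}
```

In app.js, pass loadAuth0Config(process.env) as the first argument to new Auth0Strategy in place of the literal options object.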

Trigger Authentication

The Auth0 hosted login page is the easiest way to set up authentication in your application. We recommend using the Auth0 hosted login page for the best experience, best security and the fullest array of features.

You can also embed the Lock widget directly in your application. If you use this method, some features, such as single sign-on, will not be accessible. To learn how to embed the Lock widget in your application, follow the Embedded Login sample.

Add a route called /login. Use the env object to set the following properties for your client:

  • Client ID
  • Domain
  • Callback URL

The route creates an instance of the auth0.WebAuth object. Then, the route calls the authorize method and redirects the user to the Auth0 hosted login page.

You need to make sure you get an OIDC-conformant response. You can achieve this in two ways:

  • Set the audience.
  • Turn on the OIDC conformant switch in your Auth0 dashboard.

The example below shows how to set the audience to get an OIDC-conformant response. To turn on the OIDC conformant switch, in your Client Settings, click on Show Advanced Settings > OAuth. To learn more, read the net flows documentation.

// routes/index.js

const express = require('express');
const passport = require('passport');
const router = express.Router();

const env = {
  AUTH0_CLIENT_ID: 'YOUR_CLIENT_ID',
  AUTH0_DOMAIN: 'YOUR_AUTH0_DOMAIN',
  AUTH0_CALLBACK_URL: 'http://localhost:3000/callback'
};

/* GET home page. */
router.get('/', function(req, res, next) {
  res.render('index'); // assumes an 'index' view exists
});

// Perform the login
router.get(
  '/login',
  passport.authenticate('auth0', {
    clientID: env.AUTH0_CLIENT_ID,
    domain: env.AUTH0_DOMAIN,
    redirectUri: env.AUTH0_CALLBACK_URL,
    audience: 'https://' + env.AUTH0_DOMAIN + '/userinfo',
    responseType: 'code',
    scope: 'openid'
  }),
  function(req, res) {
    res.redirect('/');
  }
);

// Perform session logout and redirect to homepage
router.get('/logout', (req, res) => {
  req.logout(); // passport 0.6 and later require a callback: req.logout(cb)
  res.redirect('/');
});

// Perform the final stage of authentication and redirect to '/user'
router.get(
  '/callback',
  passport.authenticate('auth0', {
    failureRedirect: '/'
  }),
  function(req, res) {
    res.redirect(req.session.returnTo || '/user');
  }
);

module.exports = router;
