Express

You will need to register your application with Auth0 in order to start authenticating users. Go to the Applications screen in the Auth0 dashboard, create a new Regular Web Application, and follow the steps below.

A callback URL is an application route where Auth0 redirects users after they have authenticated. This URL must be registered with Auth0 or else users will be unable to log in to the application and will get a "Callback URL mismatch" error.

The callback URL for the application created in this quickstart is http://localhost:3000/callback. Paste that in the Allowed Callback URLs field for the application you just created.

A logout URL is an application route that Auth0 can return users to after logging out. This URL must be registered with Auth0 or else users will be unable to log out of the application and will get a "misconfiguration" error.

The logout URL for the application created in this quickstart is http://localhost:3000. Paste that in the Allowed Logout URLs field for the application you just created, then scroll down and click Save Changes.

Finally, copy the following fields for your application for use in step 7:

• Domain
• Client ID

Your application will need the express-openid-connect package which is an Auth0-maintained OIDC-compliant library for Express.

npm install express express-openid-connect --save

The Express OpenID Connect library provides the auth router in order to attach authentication routes to your application. You will need to configure the router with the following configuration keys:

• authRequired - Controls whether authentication is required for all routes
• auth0Logout - Uses Auth0 logout feature
• baseURL - The URL where the application is served
• secret - A long, random string used to encrypt the session cookie
• issuerBaseURL - The Domain as a secure URL found in your Application settings
• clientID - The Client ID found in your Application settings

Here is an example configuration using this router:

const { auth } = require('express-openid-connect');

const config = {
  authRequired: false,
  auth0Logout: true,
  baseURL: 'http://localhost:3000',
  clientID: '{yourClientId}',
  issuerBaseURL: 'https://{yourDomain}',
  secret: 'LONG_RANDOM_STRING'
};

// auth router attaches /login, /logout, and /callback routes to the baseURL
app.use(auth(config));

// req.isAuthenticated is provided from the auth router
app.get('/', (req, res) => {
  res.send(req.oidc.isAuthenticated() ? 'Logged in' : 'Logged out')
});

For additional configuration options visit the API documentation.

A user can now log into your application by visiting the /login route provided by the library. If you are running your project on localhost:3000 that link would be http://localhost:3000/login.

To display the user's profile, your application should provide a protected route.

Add the requiresAuth middleware for routes that require authentication. Any route using this middleware will check for a valid user session and, if one does not exist, it will redirect the user to log in.

const { requiresAuth } = require('express-openid-connect');

app.get('/profile', requiresAuth(), (req, res) => {
  res.send(JSON.stringify(req.oidc.user));
});

A user can log out of your application by visiting the /logout route provided by the library. If you are running your project on localhost:3000 that link would be http://localhost:3000/logout.

We put together a few examples of how to use Express OpenID Connect in more advanced use cases:

• Route Customization
• Obtaining access tokens for external APIs
• Require auth for specific routes