NodeJS Web App Tutorial

You can get started by downloading the seed project. If you would like to add Auth0 to an existing application, follow the tutorial steps below.

System Requirements

This tutorial and seed project have been tested with the following:

  • NodeJS 4.3
  • Express 4.11

Download a sample project.

If you have an existing application, follow the steps below.

1. Add Passport dependencies

Run the following command to install the dependencies and add them to your package.json (cookie-parser is included because step 3 requires it):

npm install passport passport-auth0 express-session cookie-parser --save

2. Configure passport-auth0

We need to configure Passport to use the Auth0 strategy.

Create a file called setup-passport.js and add these contents to it:

var passport = require('passport');
var Auth0Strategy = require('passport-auth0');

var strategy = new Auth0Strategy({
    domain:       'YOUR_NAMESPACE',
    clientID:     'YOUR_CLIENT_ID',
    clientSecret: 'YOUR_CLIENT_SECRET',
    callbackURL:  '/callback'
  }, function(accessToken, refreshToken, extraParams, profile, done) {
    // accessToken is the token to call the Auth0 API (not needed in most cases)
    // extraParams.id_token has the JSON Web Token
    // profile has all the information from the user
    return done(null, profile);
  });

// Register the strategy so passport.authenticate('auth0') can find it
passport.use(strategy);

// This is not a best practice, but we want to keep things simple for now
passport.serializeUser(function(user, done) {
  done(null, user);
});

passport.deserializeUser(function(user, done) {
  done(null, user);
});

module.exports = strategy;
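
The comment on serializeUser above flags storing the whole profile in the session as not a best practice. One alternative, shown here as an added example that is not part of the original tutorial or of Auth0's code, is to keep only the user id in the session and reload the user on each request. The names userStore, sessionFootprint and sampleProfile are hypothetical, and the in-memory Map stands in for your user database.

```javascript
// Added example, not part of the original tutorial.
// userStore is a hypothetical in-memory stand-in for the application's user database.
var userStore = new Map();

// Same (user, done) signature that passport.serializeUser() expects.
function serializeUser(profile, done) {
  if (!profile || typeof profile.id !== 'string' || profile.id === '') {
    return done(new Error('profile has no id'));
  }
  // Persist only the fields the app renders; the raw identity payload is dropped.
  userStore.set(profile.id, { id: profile.id, displayName: profile.displayName });
  done(null, profile.id); // only this string is written to the session
}

// Same (id, done) signature that passport.deserializeUser() expects.
function deserializeUser(id, done) {
  var user = userStore.get(id);
  // A falsy user makes Passport drop the login from the session, so an
  // account removed from the store is signed out on its next request.
  done(null, user || false);
}

// Serialized length each approach would put in the session for the same profile.
function sessionFootprint(profile) {
  var minimal;
  serializeUser(profile, function (err, value) {
    if (err) { throw err; }
    minimal = value;
  });
  return {
    wholeProfile: JSON.stringify(profile).length, // tutorial's done(null, user)
    idOnly: JSON.stringify(minimal).length
  };
}

// Constructed sample profile (not real data); field names are assumptions.
var sampleProfile = {
  id: 'auth0|constructed-0001',
  displayName: 'Sample User',
  _raw: '{"user_id":"auth0|constructed-0001","email":"sample@example.com"}'
};

console.log(sessionFootprint(sampleProfile));
deserializeUser(sampleProfile.id, function (err, user) {
  console.log(user);
});
```

To use it, pass these two functions to passport.serializeUser and passport.deserializeUser in place of the pass-through versions.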

3. Add needed requires & initialize passport configuration

In the startup file (e.g. server.js or app.js) add:

var passport = require('passport');

// This is the file we created in step 2.
// This will configure Passport to use Auth0
var strategy = require('./setup-passport');

// Session and cookies middlewares to keep user logged in
var cookieParser = require('cookie-parser');
var session = require('express-session');

4. Configure the middlewares

Now, just add the following middlewares to your app:

// See express session docs for information on the options
app.use(session({ secret: 'YOUR_SECRET_HERE', resave: false, saveUninitialized: false }));
app.use(passport.initialize());
app.use(passport.session());

5. Add Auth0 callback handler

We need to add the handler for the Auth0 callback so that we can authenticate the user and get their information.

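// Auth0 callback handler
app.get('/callback',
  passport.authenticate('auth0', { failureRedirect: '/url-if-something-fails' }),
  function(req, res) {
    if (!req.user) {
      throw new Error('user null');
    }
    // Authenticated: continue to the /user page defined in step 7
    res.redirect('/user');
  });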

Please remember that, for security purposes, you have to register the callback URL of your app in the Application Settings section.

In this case, the callbackURL should look something like:


6. Triggering login manually or integrating the Auth0Lock

There are different ways of integrating Auth0 in your site. Below are some of them, with a preview and a code snippet to copy and paste.

Auth0 JavaScript libraries are Open Source: Auth0Lock & Auth0LockPasswordless & Auth0.js

Note: The callbackURL specified in the Auth0Lock constructor must match the one specified in the previous step.

7. Accessing user information

You can access the user information via the user field in the request:

app.get('/user', function (req, res) {
  res.render('user', {
    user: req.user
  });
});

8. You're done!

You have configured your NodeJS Webapp to use Auth0. Congrats, you're awesome!

Optional steps

Checking if the user is authenticated

You can add the following middleware to check if the user is authenticated and redirect them to the login page if they are not:

// requiresLogin.js
module.exports = function(req, res, next) {
  if (!req.isAuthenticated()) {
    return res.redirect('/');
  }
  next();
};

// user.js
var requiresLogin = require('./requiresLogin');

app.get('/user',
  requiresLogin,
  function (req, res) {
    res.render('user', {
      user: req.user
    });
  });