NodeJS Webapp Tutorial

Otherwise, please follow the steps below to configure your existing NodeJS WebApp to work with Auth0.

1. Add Passport dependencies

Run the following command to install the dependencies and add them to your package.json:

npm install passport passport-auth0 --save

2. Configure passport-auth0

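We need to configure Passport to use the Auth0 strategy. Create a file called setup-passport.js (step 3 requires it as ./setup-passport) with the following contents: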

var passport = require('passport');
var Auth0Strategy = require('passport-auth0');

var strategy = new Auth0Strategy({
    domain:       'YOUR_NAMESPACE',
    clientID:     'YOUR_CLIENT_ID',
    clientSecret: 'YOUR_CLIENT_SECRET',
    callbackURL:  '/callback'
  }, function(accessToken, refreshToken, extraParams, profile, done) {
    // accessToken is the token to call the Auth0 API (not needed in most cases)
    // extraParams.id_token has the JSON Web Token
    // profile has all the information from the user
    return done(null, profile);
  });

// Register the strategy so passport.authenticate('auth0') can find it
passport.use(strategy);

// This is not a best practice, but we want to keep things simple for now
passport.serializeUser(function(user, done) {
  done(null, user);
});

passport.deserializeUser(function(user, done) {
  done(null, user);
});

module.exports = strategy;
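
The comment in step 2 flags putting the whole profile into the session as not a best practice. As an added example (not part of the original tutorial and not Auth0's code), one common alternative keeps only the user id in the session and reloads the record on each request. The `users` map, the `upsertUser` helper and the `blocked` flag are hypothetical stand-ins for the application's own user store, and `profile.id` / `profile.displayName` assume Passport's normalized profile fields.

```javascript
// Added example, not Auth0's code. `users` is a hypothetical in-memory
// stand-in for the application's user table.
var users = new Map();

// Call from the Auth0Strategy verify callback instead of passing the raw
// profile on: done(null, upsertUser(profile)). Keeps only what the app uses.
function upsertUser(profile) {
  var existing = users.get(profile.id);
  var record = {
    id: profile.id,                    // assumption: Passport's normalized profile id
    displayName: profile.displayName,
    blocked: existing ? existing.blocked : false  // hypothetical local flag
  };
  users.set(record.id, record);
  return record;
}

// Only the identifier is written to the session.
function serializeUser(user, done) {
  if (!user || typeof user.id !== 'string' || user.id === '') {
    return done(new Error('cannot serialize a user without an id'));
  }
  done(null, user.id);
}

// Runs on each request that carries a session: reload the current record so
// a deleted or blocked account stops being treated as logged in.
function deserializeUser(id, done) {
  var record = users.get(id);
  if (!record || record.blocked) {
    return done(null, false);  // a falsy user makes Passport drop the login
  }
  done(null, record);
}

// Registration in setup-passport.js would be:
//   passport.serializeUser(serializeUser);
//   passport.deserializeUser(deserializeUser);
```

With this in place, `req.user` in the later steps is the trimmed record rather than the full Auth0 profile.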

3. Add needed requires & initialize passport configuration

In the startup file (e.g. server.js or app.js) add:

var passport = require('passport');

// This is the file we created in step 2.
// This will configure Passport to use Auth0
var strategy = require('./setup-passport');

// Session and cookies middlewares to keep user logged in
var cookieParser = require('cookie-parser');
var session = require('express-session');

4. Configure the middlewares

Now, just add the following middlewares to your app:

app.use(cookieParser());
app.use(session({ secret: 'shhhhhhhhh' }));
app.use(passport.initialize());
app.use(passport.session());

5. Add Auth0 callback handler

We need to add the handler for the Auth0 callback so that we can authenticate the user and get the user's information.

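// Auth0 callback handler
app.get('/callback',
  passport.authenticate('auth0', { failureRedirect: '/url-if-something-fails' }),
  function(req, res) {
    if (!req.user) {
      throw new Error('user null');
    }
    // Send the logged-in user to the page from step 7
    res.redirect('/user');
  });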

Please remember that, for security purposes, you have to register the callback URL of your app in the Application Settings section of the Auth0 Admin app.

In this case, the callbackURL should look something like:


6. Triggering login manually or integrating the Auth0Lock

There are different ways of integrating Auth0 in your site. Below are some of them, each with a preview and a code snippet to copy and paste.

This is how it will look in a browser...

Auth0 JavaScript libraries are Open Source: Auth0Lock & Auth0.js

Note: The callbackURL specified in the Auth0Lock constructor must match the one specified in the previous step.

7. Accessing user information

You can access the user information via the user field in the request:

app.get('/user', function (req, res) {
  res.render('user', {
    user: req.user
  });
});

8. You're done!

You have configured your NodeJS Webapp to use Auth0. Congrats, you're awesome!

Optional steps

Checking if the user is authenticated

You can add the following middleware to check if the user is authenticated and redirect them to the login page if they are not:

// requiresLogin.js
module.exports = function(req, res, next) {
  if (!req.isAuthenticated()) {
    return res.redirect('/');
  }
  next();
};

// user.js
var requiresLogin = require('./requiresLogin');

app.get('/user',
  requiresLogin,
  function (req, res) {
    res.render('user', {
      user: req.user
    });
  });