auth0-express

Auth0 Express Integration

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "auth0-express" with this command: npx skills add auth0/agent-skills/auth0-agent-skills-auth0-express

Auth0 Express Integration

Add authentication to Express.js web applications using express-openid-connect.

Prerequisites

  • Express.js application

  • Auth0 account and application configured

  • If you don't have Auth0 set up yet, use the auth0-quickstart skill first

When NOT to Use

  • Single Page Applications - Use auth0-react , auth0-vue , or auth0-angular for client-side auth

  • Next.js applications - Use auth0-nextjs skill which handles both client and server

  • Mobile applications - Use auth0-react-native for React Native/Expo

  • Stateless APIs - Use JWT validation middleware instead of session-based auth

  • Microservices - Use JWT validation for service-to-service auth

Quick Start Workflow

  1. Install SDK

npm install express-openid-connect dotenv

  1. Configure Environment

For automated setup with Auth0 CLI, see Setup Guide for complete scripts.

For manual setup:

Create .env :

SECRET=<openssl-rand-hex-32> BASE_URL=http://localhost:3000 CLIENT_ID=your-client-id CLIENT_SECRET=your-client-secret ISSUER_BASE_URL=https://your-tenant.auth0.com

Generate secret: openssl rand -hex 32

  1. Configure Auth Middleware

Update your Express app (app.js or index.js ):

require('dotenv').config(); const express = require('express'); const { auth, requiresAuth } = require('express-openid-connect');

const app = express();

// Configure Auth0 middleware app.use(auth({ authRequired: false, // Don't require auth for all routes auth0Logout: true, // Enable logout endpoint secret: process.env.SECRET, baseURL: process.env.BASE_URL, clientID: process.env.CLIENT_ID, issuerBaseURL: process.env.ISSUER_BASE_URL, clientSecret: process.env.CLIENT_SECRET }));

app.listen(3000, () => { console.log('Server running on http://localhost:3000'); });

This automatically creates:

  • /login

  • Login endpoint

  • /logout

  • Logout endpoint

  • /callback

  • OAuth callback

  1. Add Routes

// Public route app.get('/', (req, res) => { res.send(req.oidc.isAuthenticated() ? 'Logged in' : 'Logged out'); });

// Protected route app.get('/profile', requiresAuth(), (req, res) => { res.send( &#x3C;h1>Profile&#x3C;/h1> &#x3C;p>Name: ${req.oidc.user.name}&#x3C;/p> &#x3C;p>Email: ${req.oidc.user.email}&#x3C;/p> &#x3C;pre>${JSON.stringify(req.oidc.user, null, 2)}&#x3C;/pre> &#x3C;a href="/logout">Logout&#x3C;/a> ); });

// Login/logout links app.get('/', (req, res) => { res.send( ${req.oidc.isAuthenticated() ? <p>Welcome, ${req.oidc.user.name}!</p> <a href="/profile">Profile</a> <a href="/logout">Logout</a> : <a href="/login">Login</a> } ); });

  1. Test Authentication

Start your server:

node app.js

Visit http://localhost:3000 and test the login flow.

Detailed Documentation

  • Setup Guide - Automated setup scripts, environment configuration, Auth0 CLI usage

  • Integration Guide - Protected routes, sessions, API integration, error handling

  • API Reference - Complete middleware API, configuration options, request properties

Common Mistakes

Mistake Fix

Forgot to add callback URL in Auth0 Dashboard Add /callback path to Allowed Callback URLs (e.g., http://localhost:3000/callback )

Missing or weak SECRET Generate secure secret with openssl rand -hex 32 and store in .env as SECRET

Setting authRequired: true globally Set to false and use requiresAuth() middleware on specific routes

App created as SPA type in Auth0 Must be Regular Web Application type for server-side auth

Session secret exposed in code Always use environment variables, never hardcode secrets

Wrong baseURL for production Update BASE_URL to match your production domain

Not handling logout returnTo Add your domain to Allowed Logout URLs in Auth0 Dashboard

Related Skills

  • auth0-quickstart

  • Basic Auth0 setup

  • auth0-migration

  • Migrate from another auth provider

  • auth0-mfa

  • Add Multi-Factor Authentication

Quick Reference

Middleware Options:

  • authRequired

  • Require auth for all routes (default: false)

  • auth0Logout

  • Enable /logout endpoint (default: false)

  • secret

  • Session secret (required)

  • baseURL

  • Application URL (required)

  • clientID

  • Auth0 client ID (required)

  • issuerBaseURL

  • Auth0 tenant URL (required)

Request Properties:

  • req.oidc.isAuthenticated()

  • Check if user is logged in

  • req.oidc.user

  • User profile object

  • req.oidc.accessToken

  • Access token for API calls

  • req.oidc.idToken

  • ID token

  • req.oidc.refreshToken

  • Refresh token

Common Use Cases:

  • Protected routes → Use requiresAuth() middleware (see Step 4)

  • Check auth status → req.oidc.isAuthenticated()

  • Get user info → req.oidc.user

  • Call APIs → Integration Guide

References

  • Express OpenID Connect Documentation

  • Auth0 Express Quickstart

  • SDK GitHub Repository

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open in GitHubOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Automation

auth0-quickstart

No summary provided by upstream source.

Repository SourceNeeds Review
570-auth0
Automation

auth0-nextjs

No summary provided by upstream source.

Repository SourceNeeds Review
325-auth0
Automation

auth0-react

No summary provided by upstream source.

Repository SourceNeeds Review
324-auth0
Automation

auth0-react-native

No summary provided by upstream source.

Repository SourceNeeds Review
135-auth0