auth0-express

Installs: 104
Rank: #8071

Install

npx skills add https://github.com/auth0/agent-skills --skill auth0-express

Auth0 Express Integration

Add authentication to Express.js web applications using express-openid-connect.

Prerequisites

- Express.js application
- Auth0 account and application configured
- If you don't have Auth0 set up yet, use the auth0-quickstart skill first

When NOT to Use

- Single Page Applications - Use auth0-react, auth0-vue, or auth0-angular for client-side auth
- Next.js applications - Use auth0-nextjs skill which handles both client and server
- Mobile applications - Use auth0-react-native for React Native/Expo
- Stateless APIs - Use JWT validation middleware instead of session-based auth
- Microservices - Use JWT validation for service-to-service auth

Quick Start Workflow

1. Install SDK

```bash
npm install express-openid-connect dotenv
```

2. Configure Environment

For automated setup with Auth0 CLI, see Setup Guide for complete scripts.

For manual setup, create .env:

```bash
SECRET=<openssl-rand-hex-32>
BASE_URL=http://localhost:3000
CLIENT_ID=your-client-id
CLIENT_SECRET=your-client-secret
ISSUER_BASE_URL=https://your-tenant.auth0.com
```

Generate secret:

```bash
openssl rand -hex 32
```

3. Configure Auth Middleware

Update your Express app (app.js or index.js):

```javascript
require('dotenv').config();
const express = require('express');
const { auth, requiresAuth } = require('express-openid-connect');

const app = express();

// Configure Auth0 middleware
app.use(auth({
  authRequired: false,  // Don't require auth for all routes
  auth0Logout: true,    // Log out through Auth0's logout endpoint
  secret: process.env.SECRET,
  baseURL: process.env.BASE_URL,
  clientID: process.env.CLIENT_ID,
  issuerBaseURL: process.env.ISSUER_BASE_URL,
  clientSecret: process.env.CLIENT_SECRET
}));

app.listen(3000, () => {
  console.log('Server running on http://localhost:3000');
});
```

This automatically creates:

- /login - Login endpoint
- /logout - Logout endpoint
- /callback - OAuth callback

4. Add Routes

```javascript
// Claims come from the identity provider; escape them before placing them in HTML
const escapeHtml = (value) =>
  String(value ?? '').replace(/[&<>"']/g, (c) => `&#${c.charCodeAt(0)};`);

// Public route
app.get('/', (req, res) => {
  res.send(req.oidc.isAuthenticated() ? 'Logged in' : 'Logged out');
});

// Protected route
app.get('/profile', requiresAuth(), (req, res) => {
  res.send(`
    <h1>Profile</h1>
    <p>Name: ${escapeHtml(req.oidc.user.name)}</p>
    <p>Email: ${escapeHtml(req.oidc.user.email)}</p>
    <pre>${escapeHtml(JSON.stringify(req.oidc.user, null, 2))}</pre>
    <a href="/logout">Logout</a>
  `);
});
```

```javascript
// Login/logout links: use this in place of the public '/' route above
// (Express runs the first handler registered for a path)
app.get('/', (req, res) => {
  res.send(`
    ${req.oidc.isAuthenticated() ? `
      <h1>Welcome, ${escapeHtml(req.oidc.user.name)}!</h1>
      <a href="/profile">Profile</a>
      <a href="/logout">Logout</a>
    ` : `
      <a href="/login">Login</a>
    `}
  `);
});
```

5. Test Authentication

Start your server:

```bash
node app.js
```

Visit http://localhost:3000 and test the login flow.

Detailed Documentation

- Setup Guide - Automated setup scripts, environment configuration, Auth0 CLI usage
- Integration Guide - Protected routes, sessions, API integration, error handling
- API Reference - Complete middleware API, configuration options, request properties

Common Mistakes

| Mistake | Fix |
| --- | --- |
| Forgot to add callback URL in Auth0 Dashboard | Add /callback path to Allowed Callback URLs (e.g., http://localhost:3000/callback) |
| Missing or weak SECRET | Generate secure secret with openssl rand -hex 32 and store in .env as SECRET |
| Setting authRequired: true globally | Set to false and use requiresAuth() middleware on specific routes |
| App created as SPA type in Auth0 | Must be Regular Web Application type for server-side auth |
| Session secret exposed in code | Always use environment variables, never hardcode secrets |
| Wrong baseURL for production | Update BASE_URL to match your production domain |
| Not handling logout returnTo | Add your domain to Allowed Logout URLs in Auth0 Dashboard |
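
The configuration entries under Common Mistakes (missing or weak SECRET, wrong BASE_URL in production, values left as in the sample .env) can be caught at startup before the auth middleware is registered. The check below is an added example, not part of this skill or of express-openid-connect; the function name checkAuthEnv, the 64-character threshold and the NODE_ENV test are assumptions.

```javascript
// Added example: startup check for the .env values passed to auth().
// checkAuthEnv, the 64-character threshold and the NODE_ENV test are assumptions.
function checkAuthEnv(env) {
  const problems = [];
  for (const key of ['SECRET', 'BASE_URL', 'CLIENT_ID', 'CLIENT_SECRET', 'ISSUER_BASE_URL']) {
    if (!String(env[key] || '').trim()) problems.push(`${key} is not set`);
  }
  // Missing or weak SECRET: `openssl rand -hex 32` yields 64 hex characters.
  if (env.SECRET && env.SECRET.length < 64) {
    problems.push('SECRET is shorter than 64 characters; generate it with openssl rand -hex 32');
  }
  // Values copied unchanged from the sample .env must not reach a running app.
  for (const key of ['CLIENT_ID', 'CLIENT_SECRET', 'ISSUER_BASE_URL']) {
    if (/your-(client|tenant)/.test(env[key] || '')) {
      problems.push(`${key} still holds the sample placeholder`);
    }
  }
  for (const key of ['BASE_URL', 'ISSUER_BASE_URL']) {
    if (!env[key]) continue;
    let url;
    try {
      url = new URL(env[key]);
    } catch {
      problems.push(`${key} is not a valid URL`);
      continue;
    }
    const local = ['localhost', '127.0.0.1'].includes(url.hostname);
    if (key === 'ISSUER_BASE_URL' && url.protocol !== 'https:') {
      problems.push('ISSUER_BASE_URL must use https');
    }
    if (key === 'BASE_URL' && env.NODE_ENV === 'production' && (local || url.protocol !== 'https:')) {
      problems.push('BASE_URL must be the https production domain');
    }
  }
  return problems;
}

// Constructed sample values, not real credentials.
const goodEnv = {
  NODE_ENV: 'production',
  SECRET: '0123456789abcdef'.repeat(4),
  BASE_URL: 'https://app.example.com',
  CLIENT_ID: 'constructed-client-id',
  CLIENT_SECRET: 'constructed-client-secret',
  ISSUER_BASE_URL: 'https://tenant.example.com',
};
const badEnv = { ...goodEnv, SECRET: 'changeme', BASE_URL: 'http://localhost:3000', CLIENT_SECRET: '' };
console.log(checkAuthEnv(goodEnv), checkAuthEnv(badEnv));
```

Call it with process.env after require('dotenv').config() and stop the process if the returned list is not empty.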
