We are using Auth0 for our Node.js project, and I would say it has made our life significantly better: we now carry considerably less of the burden of the authentication process. As I was new to the Node.js world it took me quite some time to figure out how to actually obtain the authentication token from Auth0, mainly because they use a different name for their token (`id_token`) than the one I was used to, and I could not find a good, straightforward tutorial on how to do it (I am not a great reader; I just read their example code and it was not there). So here is how I did it:
In my setup-passport.js file I have the following:
var passport = require('passport');
var Auth0Strategy = require('passport-auth0');
var models = require('./models/index');
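// Load .env so the Auth0 credentials come from the environment rather than
// from source control (auth.js loads the same file). Expected variables:
// AUTH0_DOMAIN, AUTH0_CLIENT_ID, AUTH0_CLIENT_SECRET and, optionally,
// AUTH0_CALLBACK_URL (defaults to the local development callback).
require('dotenv').load();

var missingConfig = ['AUTH0_DOMAIN', 'AUTH0_CLIENT_ID', 'AUTH0_CLIENT_SECRET'].filter(function(name) {
  return !process.env[name];
});
if (missingConfig.length > 0) {
  // Fail at startup rather than at the first login attempt.
  throw new Error('Missing Auth0 configuration: ' + missingConfig.join(', '));
}

var strategy = new Auth0Strategy({
  domain: process.env.AUTH0_DOMAIN,
  clientID: process.env.AUTH0_CLIENT_ID,
  clientSecret: process.env.AUTH0_CLIENT_SECRET,
  callbackURL: process.env.AUTH0_CALLBACK_URL || 'http://localhost:3000/callback',
  // Ask the underlying OAuth2 strategy to send and verify an OAuth `state`
  // value, so a crafted link cannot complete the login with an attacker's
  // authorization code (login CSRF). This relies on the session middleware,
  // which app.js mounts before passport.
  state: true
}, function(accessToken, refreshToken, extraParams, profile, done) {
  // accessToken is the token to call Auth0 API (not needed in the most cases)
  // extraParams.id_token has the JSON Web Token
  // profile has all the information from the user
  // This is where you would look the user up in `models` (or create it).
  //
  // The verify callback MUST call done(); otherwise the request never
  // completes. Passing extraParams as the third argument hands it to the
  // custom callback in app.js as `info`, which is how the id_token reaches
  // the client. Do not console.log extraParams: it holds live credentials
  // (id_token, plus access/refresh tokens when Auth0 issues them).
  done(null, profile, extraParams);
});
passport.use(strategy);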
// Session (de)serialization. Putting the whole profile into the session keeps
// this example short; a real application should store only the user id in
// serializeUser and look the user up again in deserializeUser, so stale or
// oversized profiles never live in the session store. Both callbacks only run
// once req.logIn() is called, which the custom /callback handler in app.js
// does not do.
function storeUserInSession(user, done) {
  done(null, user);
}

function loadUserFromSession(user, done) {
  done(null, user);
}

passport.serializeUser(storeUserInSession);
passport.deserializeUser(loadUserFromSession);

module.exports = strategy;
And in my app.js I have added the following:
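var passport = require('passport');
// This is the file we created in step 2.
// This will configure Passport to use Auth0
var strategy = require('./setup-passport');
// Session and cookies middlewares to keep user logged in
var cookieParser = require('cookie-parser');
var session = require('express-session');
app.use(cookieParser());

// Pull SESSION_SECRET from .env (loading dotenv again elsewhere is harmless;
// it never overrides variables that are already set).
require('dotenv').load();
// The session secret signs the session cookie; anyone who knows it can forge
// sessions. Refuse to start without one instead of shipping a fixed string.
var sessionSecret = process.env.SESSION_SECRET;
if (!sessionSecret) {
  throw new Error('SESSION_SECRET is not set');
}
// See express session docs for information on the options: https://github.com/expressjs/session
// The default MemoryStore is for development only; use a real store in
// production. Once the app is served over HTTPS, add cookie: { secure: true }
// (httpOnly is already the default) so the cookie is never sent in clear text.
app.use(session({ secret: sessionSecret, resave: false, saveUninitialized: false }));
//...
app.use(passport.initialize());
app.use(passport.session());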
/*
// Auth0 callback handler
app.get('/callback',
passport.authenticate('auth0', { failureRedirect: '/url-if-something-fails' }),
function(req, res) {
if (!req.user) {
throw new Error('user null');
}
res.send({token: req.user});
//res.redirect("/user");
});
*/
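// Auth0 callback handler, using a custom callback (instead of the redirect
// form above) so the tokens can be returned to the caller as JSON. Note that
// req.logIn() is never called, so no session is established and the
// serialize/deserialize functions in setup-passport.js are not exercised by
// this flow: the id_token is the only credential the client gets.
app.get('/callback', function(req, res, next) {
  passport.authenticate('auth0', function(err, user, info) {
    if (err) { return next(err); }
    // A failed login arrives as user === false, not as an error; without this
    // check the handler would answer 200 with `user: false`.
    if (!user) { return res.status(401).json({ error: info }); }
    // `info` is whatever the verify callback passed as done()'s third
    // argument (extraParams, which carries id_token). It is a live
    // credential: only return it over HTTPS and keep it out of logs.
    return res.json({ credentials: info, user: user });
  })(req, res, next);
});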
My auth.js looks like:
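var dotenv = require('dotenv');
dotenv.load();
var jwt = require('express-jwt');

// Fail at startup if the verification material is missing: with an undefined
// audience jsonwebtoken simply skips the audience check, and an undefined
// secret would only blow up on the first request.
var clientSecret = process.env.AUTH0_CLIENT_SECRET;
var clientId = process.env.AUTH0_CLIENT_ID;
if (!clientSecret || !clientId) {
  throw new Error('AUTH0_CLIENT_SECRET and AUTH0_CLIENT_ID must be set');
}

// Middleware that verifies the `Authorization: Bearer <id_token>` header and
// puts the decoded claims on req.user.
module.exports = jwt({
  // Auth0 signs the id_token (HS256) with the base64-encoded client secret.
  // Buffer.from replaces the deprecated new Buffer() constructor (DEP0005).
  secret: Buffer.from(clientSecret, 'base64'),
  audience: clientId,
  // Pin the algorithm so a token signed with anything else is rejected
  // (express-jwt >= 6 refuses to start without this). Consider also checking
  // `issuer` against your tenant, e.g. 'https://<AUTH0_DOMAIN>/'.
  algorithms: ['HS256']
});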
Routes that need authentication look like this:
var express = require('express');
var router = express.Router();
var model = require('../models/index');
var authenticate = require("../auth")
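/* GET users listing. */
// `authenticate` (express-jwt) has already verified the bearer token and put
// its claims on request.user; `sub` is the Auth0 user id matched against
// User.providerId.
router.get('/', authenticate, function(request, response, next) {
  model.User.find({
    where: {
      providerId: request.user.sub,
    },
  }).then(function(user) {
    // A valid token for a user we have no record of is a 404, not an empty 200.
    if (!user) {
      return response.status(404).end();
    }
    // This serialises every column of the model; make sure nothing sensitive
    // (password hashes, tokens) lives on User before exposing it like this.
    response.send(user);
  }).catch(next); // hand query errors to Express instead of hanging the request
});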
There I go: I have a functional authentication flow using the Passport Auth0 strategy.
The “id_token” that we get back from /callback is our authentication token: it is the JWT that express-jwt verifies on the protected routes. Treat it like a password — it is sent as a bearer credential, so keep it out of logs and URLs — and note that it carries an expiry, after which you have to go through /callback again to get a fresh one.
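# No spaces around "=" in a shell assignment, otherwise the shell tries to run
# a command called `token`. A GET needs no body, so the -d/-X/Content-Type
# flags are dropped. Remember that -v prints the Authorization header, i.e.
# the token itself, so don't paste that output anywhere public.
$ token="your id_token from /callback"
$ curl -v http://127.0.0.1:3000/users -H "Authorization: Bearer $token"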