Setting up a Node.js API server with the Passport Auth0 strategy

We are using Auth0 for our Node.js project, and I would say it has made our life significantly better: we now carry considerably less of the authentication burden ourselves. Probably because I was new to the Node.js world, it took me quite some time to figure out how to actually collect the authentication token from Auth0, mainly because they use a rather different term for their token than the one I am used to, and I could not find a good, straightforward tutorial on how to do it (I am not a great reader; I just read their example code and it was not there). So here is how I did it:

In my setup-passport.js file I have the following:

var passport = require('passport');
var Auth0Strategy = require('passport-auth0');

    var models = require('./models/index');


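var strategy = new Auth0Strategy({
    // Tenant domain and client credentials. The values here are placeholders;
    // auth.js already reads AUTH0_CLIENT_ID and AUTH0_CLIENT_SECRET from the
    // environment, so the same source should be used here rather than
    // committing a real client secret to the repository.
    domain:       'x.auth0.com',
    clientID:     'xxx',
    clientSecret: 'xxxxxxx',
    callbackURL:  'http://localhost:3000/callback'
  }, function(accessToken, refreshToken, extraParams, profile, done) {
    // accessToken is the token to call the Auth0 API (not needed in most cases)
    // extraParams.id_token has the JSON Web Token
    // profile has all the information from the user

    // may like to create a new user here;

    // Log only which parameters arrived, not their values: extraParams carries
    // bearer tokens, and writing those to the server log leaks credentials.
    console.log({extra_params_keys: Object.keys(extraParams)});

    // Passport's verify callback must always finish by calling done();
    // without it the /callback request never completes. The third argument
    // is what the custom passport.authenticate callback in app.js receives
    // as `info`, which is how the id_token reaches the API client.
    return done(null, profile, extraParams);
  }
);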

// Both directions of session (de)serialization just hand the user object
// through unchanged, so the whole profile ends up stored in the session.
// That keeps the demo simple; a real deployment would store an id here and
// look the user up again in deserializeUser.
function passThroughUser(user, done) {
  done(null, user);
}

passport.use(strategy);
passport.serializeUser(passThroughUser);
passport.deserializeUser(passThroughUser);

module.exports = strategy;

And in my app.js I have added the following:

var passport = require('passport');

// This is the setup-passport.js file shown above.
// Requiring it configures Passport to use Auth0.
var strategy = require('./setup-passport');

// Session and cookies middlewares to keep user logged in
var cookieParser = require('cookie-parser');
var session = require('express-session');



app.use(cookieParser());

// express-session options (see https://github.com/expressjs/session).
// `secret` signs the session cookie: the placeholder below must become a
// long random value loaded from configuration, never a literal committed
// to the repository. resave/saveUninitialized are both off so unchanged and
// never-modified sessions are not written back to the store.
var sessionOptions = {
  secret: 'YOUR_SECRET_HERE',
  resave: false,
  saveUninitialized: false
};
app.use(session(sessionOptions));
//...
// passport.session() reads the session populated by the middleware above,
// so Passport is registered after express-session.
app.use(passport.initialize());
app.use(passport.session());


/*
// Auth0 callback handler
app.get('/callback',
passport.authenticate('auth0', { failureRedirect: '/url-if-something-fails' }),
function(req, res) {
if (!req.user) {
throw new Error('user null');
}
res.send({token: req.user});
//res.redirect("/user");
});
*/

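// Auth0 callback handler, using the custom-callback form of
// passport.authenticate so the result is returned to the API client as JSON
// instead of redirecting. `user` is whatever the strategy's verify callback
// passed to done(); `info` is its third argument (the Auth0 extraParams,
// which carry the id_token, if the verify callback passes them on).
app.get('/callback', function(req, res, next) {
  passport.authenticate('auth0', function(err, user, info) {
    if (err) { return next(err); }

    // A failed or cancelled login arrives here with user === false. The
    // original code answered 200 with `user: false`; the client should get
    // an explicit 401, and the failure details stay server-side.
    if (!user) {
      return res.status(401).json({ error: 'authentication failed' });
    }

    // NOTE(review): if `info` is the whole extraParams object this also
    // hands the client the access_token (and a refresh_token if one was
    // issued). When the client only needs the id_token, return
    // `info.id_token` alone.
    return res.json({ credentials: info, user: user });
  })(req, res, next);
});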

My auth.js looks like:

var dotenv = require('dotenv');
dotenv.load();

var jwt = require('express-jwt');

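// Fail at startup rather than on the first request when the Auth0 settings
// are missing: Buffer.from(undefined) would otherwise throw an unhelpful
// TypeError, and verification must never run with an empty secret.
if (!process.env.AUTH0_CLIENT_SECRET || !process.env.AUTH0_CLIENT_ID) {
  throw new Error('AUTH0_CLIENT_SECRET and AUTH0_CLIENT_ID must be set');
}

// Middleware that verifies the `Authorization: Bearer <id_token>` header and
// places the decoded claims on request.user (e.g. request.user.sub).
module.exports = jwt({
    // The client secret is base64-encoded, hence the decode. Buffer.from
    // replaces the deprecated `new Buffer()` constructor.
    secret: Buffer.from(process.env.AUTH0_CLIENT_SECRET, 'base64'),
    // Pin the algorithm so a token naming a different `alg` cannot be
    // accepted against this shared secret.
    algorithms: ['HS256'],
    // The id_token is issued to this client, so its audience is the client ID.
    audience: process.env.AUTH0_CLIENT_ID
    // Consider also setting `issuer` to the tenant URL (https://<domain>/)
    // so tokens minted by a different tenant are rejected.
  });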

Routes that need authentication look like this:

var express = require('express');
var router = express.Router();
var model = require('../models/index');


var authenticate = require("../auth")

/* GET users listing. */
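// `authenticate` (express-jwt) runs first, so a request without a valid
// Bearer id_token never reaches this handler; request.user is the decoded
// token and request.user.sub its subject claim, matched against providerId.
router.get('/', authenticate, function(request, response, next) {
    model.User.find({
        where: {
            providerId: request.user.sub
        }
    }).then(function(user) {
        // No row for this subject: say so instead of answering 200 with an
        // empty body.
        if (!user) {
            return response.status(404).json({ error: 'user not found' });
        }
        response.send(user);
    // Without a rejection handler a database error left the request hanging
    // and surfaced only as an unhandled rejection; forward it to Express.
    }).catch(next);
});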

There we go: I have a functional authentication flow using the Passport Auth0 strategy.

The “id_token” that we get from /callback is our authentication token.

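# Shell assignments take no spaces around '=': the original `token = "..."`
# would have tried to run a command named `token`. Paste the id_token
# returned by /callback here.
token="your id_token from /callback"
# Plain GET: the route ignores a request body, so -X GET / -d are not needed.
curl -v http://127.0.0.1:3000/users -H "Authorization: Bearer $token"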