We are using Auth0 for our Node.js project, and I would say it has made our life significantly better. Now we have considerably less burden in the authentication process. As I was probably new to the Node.js world, it took me quite some time to figure out how to actually collect the authentication token from Auth0, mainly because they use a quite different term for their token than what I am used to, and I could not find a good, straightforward tutorial on how to do that (I am not a great reader; I just read their example code and it was not there). So here is how I did it:
In my setup-passport.js file I have the following:
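var passport = require('passport');
var Auth0Strategy = require('passport-auth0');
var models = require('./models/index');

// Configure the Auth0 strategy. The client id/secret are read from the same
// AUTH0_* environment variables that auth.js uses, so the secret is not
// committed with the source. domain and callbackURL are placeholders.
var strategy = new Auth0Strategy({
  domain: 'x.auth0.com',
  clientID: process.env.AUTH0_CLIENT_ID,
  clientSecret: process.env.AUTH0_CLIENT_SECRET,
  callbackURL: 'http://localhost:3000/callback'
}, function(accessToken, refreshToken, extraParams, profile, done) {
  // accessToken is the token to call the Auth0 API (not needed in most cases)
  // extraParams.id_token has the JSON Web Token
  // profile has all the information from the user
  // A new user could be created here.
  //
  // Log only the parameter names: extraParams carries the id_token and
  // access_token, which should not end up in application logs.
  console.log({extra_params: Object.keys(extraParams || {})});
  // Passport's verify contract is done(err, user, info), and the request
  // hangs if it is never called. Handing extraParams over as `info` is what
  // lets the /callback handler in app.js return the id_token to the client.
  return done(null, profile, extraParams);
});

passport.use(strategy);

// This is not a best practice, but we want to keep things simple for now:
// the whole profile is stored in the session instead of just a user id.
passport.serializeUser(function(user, done) {
  done(null, user);
});

passport.deserializeUser(function(user, done) {
  done(null, user);
});

module.exports = strategy;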
And in my app.js I have added the following:
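var passport = require('passport');
// This is the file we created in step 2.
// This will configure Passport to use Auth0
var strategy = require('./setup-passport');

// Session and cookies middlewares to keep user logged in
var cookieParser = require('cookie-parser');
var session = require('express-session');

app.use(cookieParser());
// See express session docs for information on the options: https://github.com/expressjs/session
// The secret signs the session cookie; a real deployment supplies a long random
// value from its configuration instead of the placeholder below.
app.use(session({
  secret: 'YOUR_SECRET_HERE',
  resave: false,
  saveUninitialized: false
}));
//...
app.use(passport.initialize());
app.use(passport.session());

// Auth0 callback handler. The custom-callback form of passport.authenticate is
// used so the token (passed back by the strategy as `info`) can be returned as
// JSON; note that req.logIn is not called, so no session login happens here.
app.get('/callback', function(req, res, next) {
  passport.authenticate('auth0', function(err, user, info) {
    if (err) {
      return next(err);
    }
    // Passport reports a failed authentication as user === false; answer with
    // 401 instead of a 200 response carrying { user: false }.
    if (!user) {
      return res.status(401).json({ error: 'authentication failed' });
    }
    return res.json({ credentials: info, user: user });
  })(req, res, next);
});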
My auth.js looks like:
var dotenv = require('dotenv'); dotenv.load(); var jwt = require('express-jwt'); module.exports = jwt({ secret: new Buffer(process.env.AUTH0_CLIENT_SECRET, 'base64'), audience: process.env.AUTH0_CLIENT_ID });
Routes that need authentication look like this:
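var express = require('express');
var router = express.Router();
var model = require('../models/index');
var authenticate = require("../auth");

/* GET users listing. */
// Returns the record of the caller identified by the verified token's `sub`
// claim. `authenticate` (express-jwt) has already rejected requests without a
// valid token, so request.user is the decoded payload here.
router.get('/', authenticate, function(request, response, next) {
  // A verified token without a subject cannot identify a user. Querying with
  // an undefined value is also risky: depending on the ORM version the
  // condition may be dropped rather than matching nothing.
  if (!request.user || !request.user.sub) {
    return response.sendStatus(401);
  }
  model.User.find({
    where: {
      providerId: request.user.sub,
    },
  }).then(function(user) {
    // NOTE(review): this sends every column of the record; confirm the model
    // holds nothing the caller should not see.
    response.send(user);
  }).catch(next); // without this a database error leaves the request hanging
});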
There I go: I have a functional authentication using the Passport Auth0 strategy.
The “id_token” that we get from /callback is our authentication token.
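# No spaces around `=`: `token = "..."` would try to run a command named `token`
# instead of assigning the variable.
token="your id_token from /callback"
# GET is curl's default method and a GET carries no body, so `-X GET`,
# `-d '{}'` and the Content-Type header are not needed. Note that `-v` prints
# the request headers, Authorization included, to the terminal.
curl -v -H "Authorization: Bearer $token" http://127.0.0.1:3000/users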