Simplified Node.js Authentication with the Integration of Auth0

December 10, 2019

Authentication is an important process for many applications. Integrating Auth0 into Node.js can simplify the authentication process and make it much easier for developers. In this blog, you’ll learn how to create a simple and secure Node.js application with the Express web framework by integrating auth0 API in the application.

What is Auth0 and Why Use It in Node.js?

Auth0 is a popular and reliable authentication platform that helps developers to implement authentication and authorization in their web and mobile applications. It is an identity-as-a-service (IDaaS) provider that offers developers a suite of security features to safeguard user identity and access management.

Node.js is a popular and versatile server-side runtime environment that provides developers with the freedom to develop scalable and high-performance web applications. Node.js is well-suited for building real-time applications, data streaming services, and microservices. Hire dedicated Node.js developers who have an easy-to-use and lightweight approach to building applications, and with the integration of Auth0, developers can implement secure and scalable authentication and authorization mechanisms in their applications with ease.

The use of Auth0 in Node.js provides many benefits for developers, including:

1. Security – Auth0 provides robust security measures to protect user credentials and secure access management.

2. Scalability – Auth0 supports seamless scalability to meet the needs of growing applications and user bases.

3. User Experience – Auth0 provides a seamless and user-friendly experience for users, simplifying the process of signing in and accessing protected resources.

4. Time-saving – Integration with Auth0 simplifies the development process, saving developers time and effort.

Prerequisites

  • Basic understanding of Node.js and JavaScript.
  • A terminal app for MacOS and Linux or PowerShell for Windows.
  • Node.js v8+ and a Node.js package manager installed locally.

To install Node.js and NPM, use any of the official Node.js installers provided for your operating system.

Create a new Node.js project using Express generator:

Express generator

  • Install the express generator globally on your system.
  • Create a new project using the express engine, if you are not an admin user, then you may need admin access for writing files into the directory.

express engine

express engine 1

  • After creating a new project, route it into the project directory

node4

  • Install the project dependencies
  • There may be chances that you will find some vulnerabilities while installing the project dependencies but don’t worry just run the below command to fix all the vulnerabilities. If there is still some vulnerability left in the code, just remove that package from the package.json file from the root of your project and again run the npm install command.

audit fix

  • Run the app server using the node

app server using node

  • To see if the app is running or not, visit http://localhost:8042 on any browser.

Signing up for a free auth0 account:

  • During the sign-up process on auth0.com, you’ll need to create a Tenant, which represents your domain, and then enter all the details related to your account and select the correct region.
  • Create a new Application “MyAPP” from the dashboard page and choose its type as Regular Web Application and technology as Node.js

a) Copy auth0 configuration variables (client id, client secret, and domain) and add them to our Node.js application by creating a hidden file called .env under the root project directory to store configuration variables and add this file to git ignore.

Regular Web Application

b) Choose the POST method in Token Endpoint Authentication Method

c) Click on Advance settings at the bottom of the tab, then open the Grant types tab, and then choose Client Credentials, Password, and MFA Grant type as checked

  • Open Connection -> Database from the navigation panel on the dashboard

a) Create a new Database connection as “MyDB” and use this name in the env file of the project

Open Connection

b) Click on the Applications tab from the same panel and then choose your newly created Application “MyAPP” from the list.

  • Open APIs from the navigation panel on the dashboard

a) Open default Auth0 Management API and go to the Machine to the Machine Applications tab

b) Select your “MyAPP” (newly created) application as checked and choose all the permissions according to your requirement.

All the information stored in the env file must be kept confidential at all times.

Now all the settings are set up on the auth0 panel, now use the environment variables in our app.

Setting up user authentication in the Node.js project

  • To start, you need to create a login and signup GET request endpoints.
  • Create a new Mongo database on your local server and use its credentials in the database model in the project files.

mongo database

  • To connect your app with Auth0, you’ll use the Node.js SDKs. So, install the auth0 project dependency using terminal.

Auth0

  • Use the express-session npm package to store the user’s session whenever he is logged in. Configure all the details for express-session in the project.
  • Modify the signup screen according to your requirement. This screen automatically comes with a default express-generator setup. Now create a post route for the signup page and implement the auth0 AuthenticationClient database signup process for it. The below function will create a new user on auth0.

express generator setup

  • Now modify the login screen according to your requirement. This screen will also comes with a default express-generator setup. Then create a post route and its middleware in the project. Add an auth0 password grant request to validate the user’s credentials.

auth0 password grant request

  • Auth0 AuthenticationClient password grant will invoke with the authentication data as arguments like idToken, accessToken, refreshToken, etc which will be used in the project for further authentication.
  • As Auth0 does all the credential validation for you, so there is no need for storing the password in our database.

Logging into a Node.js Express app

  • Open the browser tab where your application is running and click the login button to test that the app is communicating correctly with Auth0
  • If you’ve set up everything correctly, the application redirects you to the Universal Login page

Logging into a Nodejs

Auth0 Integration Completed

That’s it! In this blog, you have learned how auth0 will interact with our Node.js express project, and how to configure all the settings on the auth0 dashboard. You can clone this project from our version control.

Auth0 Integration

Thank you for your time!

Our Latest Updates