Integrate Auth0 in Node.js

December 10, 2019

In this blog, you’ll learn how to create a simple and secure Node.js application with the Express web framework by integrating Auth0 APIs into the application.

Prerequisites

  • Basic understanding of Node.js and JavaScript.
  • A terminal app for macOS and Linux or PowerShell for Windows.
  • Node.js v8+ and a Node.js package manager installed locally.

To install Node.js and NPM, use any of the official Node.js installers provided for your operating system.

Create a new Node.js project using Express generator:


  • Install Express generator globally on your system.
  • Create a new project using express engine. If you are not an admin user, you may need admin access to write files into the directory.


  • After creating a new project, change into the project directory.

  • Install the project dependencies.
  • You may find some vulnerabilities reported while installing the project dependencies, but don’t worry: run npm audit fix to fix them. If some vulnerability is still left in the code, remove that package from the package.json file in the root of your project and run the npm install command again.

  • Run the app server using node.

  • To check whether the app is running, visit http://localhost:8042 in any browser.

Signing up for a free Auth0 account:

  • During the sign-up process on auth0.com, you’ll need to create a Tenant, which represents your domain. Then enter all the details related to your account and select the correct region.
  • Create a new Application “MyAPP” from the dashboard page and choose its type as Regular Web Application and technology as Node.js.

a) Copy the Auth0 configuration variables (client ID, client secret and domain) into the Node.js application: create a hidden file called .env under the root project directory to store the configuration variables, and add this file to .gitignore.

b) Choose POST as the Token Endpoint Authentication Method.

c) Click Advanced Settings at the bottom of the tab, open the Grant Types tab, and check the Client Credentials, Password and MFA grant types.

  • Open Connection -> Database from the navigation panel on the dashboard

a) Create a new Database connection named “MyDB” and use this name in the .env file of the project.

b) Click on Applications tab from the same panel and then choose your newly created Application “MyAPP” from the list.

  • Open APIs from the navigation panel on the dashboard

a) Open the default Auth0 Management API and go to the Machine to Machine Applications tab.

b) Check your newly created “MyAPP” application and choose the permissions according to your requirement.

All the information stored in the .env file must be kept confidential at all times.

Now that all the settings are configured on the Auth0 panel, use the environment variables in the app.

Setting up user authentication in Node.js project

  • To start, you need to create login and signup GET request endpoints.
  • Create a new Mongo database on your local server and use its credentials in the database model in the project files.

  • To connect your app with Auth0, you’ll use the Node.js SDK. Install the auth0 project dependency using the terminal.

  • Use the express-session npm package to store the user’s session while they are logged in. Configure all the details for express-session in the project.
  • Modify the signup screen according to your requirement. This screen comes automatically with the default Express generator setup. Now create a POST route for the signup page and implement the Auth0 AuthenticationClient database signup process for it. The function below will create a new user on Auth0.

  • Now modify the login screen according to your requirement. This screen also comes with the default Express generator setup. Then create a POST route and its middleware in the project. Add an Auth0 password grant request to validate the user’s credentials.

  • The Auth0 AuthenticationClient password grant responds with authentication data such as idToken, accessToken, refreshToken, etc., which will be used in the project for further authentication.
  • Because Auth0 does all the credential validation for you, there is no need to store the password in our database.
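
The login POST route and password grant described above, as an added example (not the blog's own code). `makeLoginHandler`, the injected `passwordGrant` wrapper, its `{ accessToken, idToken, refreshToken }` result and the stub request, response and grant objects are assumptions, chosen so the handler runs without the Auth0 SDK or Express installed.

```javascript
// Added example, not the blog's code. `passwordGrant` is a hypothetical wrapper
// around the Auth0 SDK password-grant call, assumed to resolve to
// { accessToken, idToken, refreshToken } and to reject when Auth0 refuses the login.
function makeLoginHandler(passwordGrant, connection) {
  return async function login(req, res) {
    const { email, password } = req.body || {};
    if (typeof email !== 'string' || typeof password !== 'string' || !email || !password) {
      return res.status(400).json({ error: 'Email and password are required' });
    }
    let tokens;
    try {
      // Auth0 validates the credentials; the password is never stored locally.
      tokens = await passwordGrant({ username: email, password, realm: connection });
    } catch (err) {
      // One generic message, so the response does not reveal which field was wrong.
      return res.status(401).json({ error: 'Invalid email or password' });
    }
    try {
      // express-session: issue a fresh session ID at login so an ID handed out
      // before authentication is not carried into the logged-in session.
      await new Promise((resolve, reject) =>
        req.session.regenerate((err) => (err ? reject(err) : resolve())));
    } catch (err) {
      return res.status(500).json({ error: 'Could not start session' });
    }
    req.session.user = { email };
    req.session.tokens = tokens; // stays in the server-side session store
    return res.status(200).json({ ok: true });
  };
}

// Constructed stand-ins for the Express response, the express-session request
// and the Auth0 call, so the handler can be exercised offline.
function fakeRes() {
  return { code: 0, body: null,
    status(c) { this.code = c; return this; },
    json(b) { this.body = b; return this; } };
}
function fakeReq(body) {
  const req = { body, session: { id: 'pre-login', regenerate(cb) {
    req.session = { id: 'post-login', regenerate: this.regenerate }; cb(null); } } };
  return req;
}
const fakeGrant = async ({ username, password, realm }) => {
  if (realm === 'MyDB' && username === 'user@example.com' && password === 'correct horse') {
    return { accessToken: 'at-constructed', idToken: 'id-constructed', refreshToken: 'rt-constructed' };
  }
  throw new Error('invalid_grant');
};
```

In the real project the handler would be mounted on the login POST route with the SDK call passed in as `passwordGrant` and the connection name read from the .env file.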

Logging into a Node.js Express app

  • Open the browser tab where your application is running and click the login button to test that the app is communicating correctly with Auth0.
  • If you’ve set up everything correctly, the application redirects you to the Universal Login page.

Auth0 Integration Completed

That’s it! In this blog, you have learned how Auth0 interacts with our Node.js Express project and how to configure all the settings on the Auth0 dashboard. You can clone this project from our version control.

Thank you for your time!