Using Auth0 with node.js

Integrating Auth0 with node is straight forward. At the end of this tutorial you will have a working web site, capable of authenticating users with an external identity provider (no more passwords in your app!).

If you are building a node based app, you are very likely using passportjs, the well known middleware for authentication. We've built a strategy for passport that makes integration even simpler. There's not really much magic there, just boilerplate code.

'Strategies' are in essence passport plugins.

Before you start

Here's what you do for integrating Auth0 in your app with passport:

1. Install the Auth0 strategy

npm install passport passport-auth0 --save

TIP: Don't have an app to play with? You can create one very easily with express. Run npm install express -g followed by express. That will create a simple "hello world" express website.

2. Initialize passport-auth0

Create a new file setup-passport.js with the following code:

var passport = require('passport');
var Auth0Strategy = require('passport-auth0');

var strategy = new Auth0Strategy({  
    domain:       'YOUR_NAMESPACE',
    clientID:     'YOUR_CLIENT_ID',
    clientSecret: 'YOUR_CLIENT_SECRET',
    callbackURL:  '/callback'
  }, function(accessToken, refreshToken, profile, done) {
    //Some tracing info
    console.log('profile is', profile);
    return done(null, profile);


// This is not a best practice, but we want to keep things simple for now
passport.serializeUser(function(user, done) {
  done(null, user); 

passport.deserializeUser(function(user, done) {
  done(null, user);

module.exports = strategy; 

TIP: you typically would put this file under a 'lib' folder

3. Initialize passport in your app

In the startup file (e.g. server.js or app.js) add:

var passport = require('passport');
var strategy = require('./setup-passport');

and then in the app.configure function make sure to have the cookieParser and session middlewares and then add the passport middlewares:

  app.use(express.session({ secret: 'shhhhhhhhh' }));

The last bit of code you will need are the handlers for the passport callbacks:

// Auth0 callback handler
  passport.authenticate('auth0', { failureRedirect: '/url-if-something-fails' }), 
  function(req, res) {
    if (!req.user) {
      throw new Error('user null');

4. Setting up the callback URL in Auth0

After authenticating the user on Auth0, we will do a GET to a URL on your web site. For security purposes, you have to register this URL on the Application Settings section on Auth0 Admin app.


5. Triggering login manually or integrating the Auth0 widget

There are different ways of integrating Auth0 in your site. Below, some of them with a preview and a code snippet to copy paste.

This is how it will look on a browser...

Auth0 JavaScript libraries are Open Source:

6. Accessing user information

Once the user succesfuly authenticated to the application, a user will be generated which can be accessed through the req.user property.

app.get('/', function (req, res) {
  res.render('home', {
    user: JSON.stringify(req.user, 0, 2)

The user profile is normalized regardless of where the user came from. For more information about the normalized user profile read this.