Node.js is a popular runtime platform for creating programs.
It lets us run JavaScript outside the browser.
In this article, we’ll look at how to start using Node.js to create programs.
Set Up Our App in Auth0
Before we write our app, we have to set up our Node app in Auth0.
To create our app in Auth0, we log into Auth0, then go to the Applications page at https://manage.auth0.com/dashboard/us/dev-v7h077zn/applications.
Then we click Create Application to create a new application.
Once we've done that, we click Regular Web App, then click Create.
Then we click on Node.js to create our app.
Create the Express App
Once we've created our Express app, we can write the following code for it:
const express = require('express');
const bodyParser = require('body-parser');
const { auth } = require('express-openid-connect');

const app = express();
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({
  extended: true
}));

const config = {
  authRequired: false,
  auth0Logout: true,
  // the secret protects the session cookie; keep the real value out of source control
  secret: 'a long, randomly-generated string stored in env',
  baseURL: 'http://localhost:3000',
  clientID: 'client id',
  issuerBaseURL: 'https://<domain>.us.auth0.com'
};

// auth router attaches /login, /logout, and /callback routes to the baseURL
app.use(auth(config));

// req.oidc.isAuthenticated is provided by the auth router
app.get('/', (req, res) => {
  res.send(req.oidc.isAuthenticated() ? 'Logged in' : 'Logged out');
});

app.listen(3000, () => console.log('server started'));
We install the express-openid-connect package to let us add authentication with OpenID Connect.
To install it, we run:
npm i express-openid-connect
We call app.use(auth(config)); to add the routes for login, logout, and the callback route that's called after authentication succeeds.
Then we can go to the / route and see if we're authenticated or not.
We check if we're authenticated by calling the req.oidc.isAuthenticated() method.
The config object has the clientID, issuerBaseURL, baseURL, and secret properties.
We can get them all from the app's page in our Auth0 account.
issuerBaseURL is the Auth0 domain that our Auth0 app is hosted on.
Now when we go to http://localhost:3000/login, we should be able to log in with a Google account.
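The config object above hard-codes its values. As an added example (not from the original article or the express-openid-connect project), the function below builds the same object from environment variables and refuses to return one with a weak secret or a non-HTTPS URL. The name buildAuthConfig, the variable names SECRET, CLIENT_ID, BASE_URL and ISSUER_BASE_URL, and the 32-character minimum are assumptions of this example.

```javascript
// Added example: build the object passed to auth() from environment variables.
// buildAuthConfig and the variable names below are assumptions of this example.
const PLACEHOLDER = 'a long, randomly-generated string stored in env';
const MIN_SECRET_LENGTH = 32; // assumed minimum for this example

function parseUrl(value) {
  try { return new URL(value); } catch { return null; }
}

function buildAuthConfig(env) {
  const errors = [];
  const secret = env.SECRET || '';
  // Reject a missing, short or copied-from-sample secret.
  if (secret.length < MIN_SECRET_LENGTH || secret === PLACEHOLDER) {
    errors.push(`SECRET must be a random string of ${MIN_SECRET_LENGTH}+ characters`);
  }
  if (!env.CLIENT_ID) errors.push('CLIENT_ID is missing');
  // The issuer is contacted over the network, so require https.
  const issuer = parseUrl(env.ISSUER_BASE_URL);
  if (!issuer || issuer.protocol !== 'https:') {
    errors.push('ISSUER_BASE_URL must be an https URL');
  }
  // Plain http is accepted only for local development.
  const base = parseUrl(env.BASE_URL);
  const isLocal = base !== null && ['localhost', '127.0.0.1'].includes(base.hostname);
  if (!base || (base.protocol !== 'https:' && !isLocal)) {
    errors.push('BASE_URL must be https unless it points at localhost');
  }
  if (errors.length > 0) {
    throw new Error('Invalid auth config: ' + errors.join('; '));
  }
  return {
    authRequired: false,
    auth0Logout: true,
    secret,
    baseURL: env.BASE_URL,
    clientID: env.CLIENT_ID,
    issuerBaseURL: env.ISSUER_BASE_URL,
  };
}

// Constructed sample values; the real app would pass process.env instead.
const sampleEnv = {
  SECRET: 'constructed-sample-value-0123456789abcdef',
  CLIENT_ID: 'sample-client-id',
  BASE_URL: 'http://localhost:3000',
  ISSUER_BASE_URL: 'https://tenant.example.com',
};
const checkedConfig = buildAuthConfig(sampleEnv); // then: app.use(auth(checkedConfig))
```

Because the function throws before the server starts listening, a deployment with a missing or sample secret fails at startup instead of running with it.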
Getting Logged in User’s Data
To get the data of the currently logged in user, we can write:
const express = require('express');
const bodyParser = require('body-parser');
const { auth, requiresAuth } = require('express-openid-connect');

const app = express();
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({
  extended: true
}));

const config = {
  authRequired: false,
  auth0Logout: true,
  // the secret protects the session cookie; keep the real value out of source control
  secret: 'a long, randomly-generated string stored in env',
  baseURL: 'http://localhost:3000',
  clientID: 'client id',
  issuerBaseURL: 'https://<domain>.us.auth0.com'
};

// auth router attaches /login, /logout, and /callback routes to the baseURL
app.use(auth(config));

// req.oidc.isAuthenticated is provided by the auth router
app.get('/', (req, res) => {
  res.send(req.oidc.isAuthenticated() ? 'Logged in' : 'Logged out');
});

// requiresAuth() rejects unauthenticated requests before the handler runs
app.get('/profile', requiresAuth(), (req, res) => {
  res.send(JSON.stringify(req.oidc.user));
});

app.listen(3000, () => console.log('server started'));
We add the /profile route with the middleware returned by the requiresAuth function to make it available only to authenticated users.
Then the req.oidc.user property has the user data.
Once we've logged in with the Google account, we should see the data from the /profile route.
Conclusion
We can add third-party authentication to our Express app easily with Auth0.