Express.js middleware for OpenID Relying Party (aka OAuth 2.0 Client). Easily add secure and standards-based authentication to Express applications.
This library requires:
- Node v10.13 or higher
- Express v4.16 or higher
- A session middleware like express-session or cookie-session
Please Note: This library is currently in pre-release status and has not had a complete security review. We do not recommend using this library in production yet. As we move towards early access, please be aware that releases may contain breaking changes. We will be monitoring the Issues queue here for feedback and questions. PRs and comments on existing PRs are welcome!
- Documentation
- Installation
- Getting Started
- Contributing
- Support + Feedback
- Vulnerability Reporting
- What is Auth0
- License
- Our Express Quickstart is the quickest way to get up and running from scratch.
- Use the Examples for common configurations for use cases beyond the basics.
- The API documentation details all configuration options, methods, and data that this library provides.
- You can run the sample application to see how this SDK functions without writing your own integration.
This library is installed with npm:
npm i express-openid-connect --save
The library needs the following values to request and accept authentication:
- Issuer Base URL: The base URL of the authorization server. If you're using Auth0, this is your tenant Domain pre-pended with
https://(likehttps://tenant.auth0.com) found on the Settings tab for your Application in the Auth0 dashboard. - Client ID: The identifier for your Application. If you're using Auth0, this value can also be found on the Settings tab for your Application.
- Base URL: The root URL for your application.
These can be configured in a .env file in the root of your application:
# .env
ISSUER_BASE_URL=https://YOUR_DOMAIN
CLIENT_ID=YOUR_CLIENT_ID
BASE_URL=https://YOUR_APPLICATION_ROOT_URL
... or in the library initialization:
// index.js
app.use(auth({
required: true,
issuerBaseURL: 'https://YOUR_DOMAIN',
baseURL: 'https://YOUR_APPLICATION_ROOT_URL',
clientID: 'YOUR_CLIENT_ID'
}));See Examples for how to get started authenticating users.
We appreciate feedback and contribution to this repo! Before you get started, please see the following:
Contributions can be made to this library through PRs to fix issues, improve documentation or add features. Please fork this repo, create a well-named branch, and submit a PR with a complete template filled out.
Code changes in PRs should be accompanied by tests covering the changed or added functionality. Tests can be run for this library with:
npm install
npm testWhen you're ready to push your changes, please run the lint command first:
npm run lintPlease use the Issues queue in this repo for questions and feedback.
Please do not report security vulnerabilities on the public GitHub issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.
Auth0 helps you to easily:
- implement authentication with multiple identity providers, including social (e.g., Google, Facebook, Microsoft, LinkedIn, GitHub, Twitter, etc), or enterprise (e.g., Windows Azure AD, Google Apps, Active Directory, ADFS, SAML, etc.)
- log in users with username/password databases, passwordless, or multi-factor authentication
- link multiple user accounts together
- generate signed JSON Web Tokens to authorize your API calls and flow the user identity securely
- access demographics and analytics detailing how, when, and where users are logging in
- enrich user profiles from other data sources using customizable JavaScript rules
This project is licensed under the MIT license. See the LICENSE file for more info.