Skip to content

auth0/auth0-express

Repository files navigation

Auth0-Express Auth0-Express Mono Repo, containing SDKs for implementing user authentication in Express applications.

Release Downloads License Ask DeepWiki

📚 Packages - 🔎 Features - 💬 Feedback

Packages

Two SDKs — pick the one that matches your application:

  • @auth0/auth0-express — for server-rendered web apps where users log in. Authenticates with a browser session cookie and handles login, logout, callback, and session management.
  • @auth0/auth0-express-api — for APIs / resource servers consumed by SPAs, mobile, or services. Authenticates with an Authorization: Bearer <access_token> and authorizes by scopes and claims.

Features

Jump straight to the capability you need.

@auth0/auth0-express — Web applications

Feature What it does
Quick start Mount Auth0 with createAuth0 in a few lines
Environment variables Configure from AUTH0_* env vars instead of hardcoding
Migrate from express-openid-connect Supported legacy env var aliases for an easier move
Built-in routes /auth/login, /logout, /callback, back-channel logout
Custom login / logout / callback Roll your own routes instead of the mounted ones
Configure mounted routes Rename, re-path, or disable the built-in routes
Protect a route with a session Gate server-rendered pages behind a login session
Get the current session / user Read the authenticated user from req.auth0
Call an API (getAccessToken) Get an access token to call APIs as the user
Authorization with claims Restrict routes with claimEquals, claimIncludes, claimCheck
Dynamic app base URLs Infer the base URL per host or use an allow-list
Multiple Custom Domains (MCD) Resolve the Auth0 domain per request
Custom fetch Swap in your own fetch (proxies, retries, instrumentation)
Discovery cache Control caching of OIDC discovery metadata

@auth0/auth0-express-api — APIs

Feature What it does
Quick start Protect an API with createAuth0Api in a few lines
Environment variables Configure from AUTH0_* env vars instead of hardcoding
Protect an API route (requiresAuth) Require a valid bearer access token
Read token claims (req.auth0.user) Access claims extracted from the verified token
Require specific scopes Gate routes with scopesInclude (match any or all)
Authorization with claims Restrict routes with claimEquals, claimIncludes, claimCheck
Custom token / user type Type your custom claims via module augmentation
Custom fetch Swap in your own fetch (proxies, retries, instrumentation)

Running Examples

The following examples can be found in the examples directory:

Before running the examples, you need to install the dependencies for the monorepo and build all the packages.

  1. Install depedencies
$ npm install
  1. Build all packages
$ npm run build
  1. Follow example instructions

Feedback

Contributing

We appreciate feedback and contribution to this repo! Before you get started, please read the following:

Raise an issue

To provide feedback or report a bug, please raise an issue on our issue tracker.

Vulnerability Reporting

Please do not report security vulnerabilities on the public GitHub issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.

What is Auth0?

Auth0 Logo

Auth0 is an easy to implement, adaptable authentication and authorization platform. To learn more checkout Why Auth0?

This project is licensed under the Apache License 2.0. See the LICENSE file for more info.

About

Auth0-Express Mono Repo, containing SDKs for implementing user authentication in Express applications.

Resources

License

Contributing

Security policy

Stars

0 stars

Watchers

0 watching

Forks

Packages

 
 
 

Contributors