auth0-nodejs-poc

Auth0 NodeJS proof of concept

What I did

1. Sign up for a free account at Auth0

2. Create a new server application (NodeJS/Express)

3. Callback URL: http://localhost:3000 (default)

4. Create a new local cert = localhost-key.pem with a key = localhost.pem:

   brew install mkcert nss mkcert -install mkcert localhost

5. Add dependencies

   yarn init yarn add express [email protected]

6. Added source code from Auth0 quickstart.

7. Added a script to run Node easily.

8. Created a test user in my Auth0 account and confirmed via email.

How to run this yourself

Prerequisites: node, yarn, mkcert, nss, an Auth0 account.

1. Make certificates

2. Create an Auth0 account

3. Create a .env file:

    APP_SESSION_SECRET=<secret>
    CLIENT_ID=<client id>
    ISSUER_BASE_URL=<base url>
   

4. Run yarn:

    yarn install
    yarn start
   

Testing

1. Visit localhost:3000

    No cookies, displays "logged out"
   

2. Visit /login

    Redirected to ISSUER_BASE_URL with URL parameters state, client, protocol, scope, response_type, redirect_uri, nonce, response_mode
    Cookies: _csrf, auth0_compat, auth0 (session cookie), did_compat, did (device ID)
   

3. Log in with valid credentials:

    Redirected back to `baseURL`
    Cookies: `identity`
   

Local commands

• yarn libyear: run the libyear command to determine dependency age
• yarn lint: run eslint to report on code issues
• yarn start: run the server
• yarn start:dev: run the server in dev mode under nodemon for hot reloads

References

• mkcert
• How to read environment variables from Node.js
• Managing Environment Variables in Node.js with dotenv
• sameSite Cookie Attribute Changes

Auth0 docs

• ID Token Structure
• GitHub Action for Yarn
• Express
• Node.js