Auth0 - Next integration not authenticates me and / or ignores my route protection

Hi there,

I am trying to secure my next.js app by following this great tutorial here

and specifically the “Securing Next.js Applications with Passport” section.

I have a /login endpoint as explained in the tutorial and it redirects me to the auth0 login page as expected.

I login successfully and then I try to hit the endpoint described below.

    if (req.isAuthenticated()) return next();

router.get("/api/test", ensureAuthenticated, (req, res) => {

    res.send({ message: "Thanks!", 'auth': req.isAuthenticated() });

Not sure what I am doing wrong but I would expect to

  1. ensureAuthenticated to block me out or
  2. to get {auth: true}

On the contrary, nothing of those happen and the response I get is


which is not expected as I have setup the passport strategy.

Any ideas appreciated.