Hi,
I’m new to using Auth0 (and the auth process in general). I’m working on an application using Next.js, Express, and Node. I’ve followed the Express/Node tutorial and successfully got authentication and authorization (using the authorization-extension) to work locally. However, when I deploy to my development/production server on Vercel, neither authentication nor authorization works.
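In `app.js` I have the following:

```js
const express = require('express');
const { auth } = require('express-openid-connect');

const server = express();

// express-openid-connect settings; every value comes from the environment
const config = {
  authRequired: true, // require a login on every route
  auth0Logout: true,
  secret: process.env.AUTH0_SECRET,
  baseURL: process.env.HOST_URL,
  clientID: process.env.AUTH0_CLIENT_ID,
  issuerBaseURL: process.env.AUTH0_BASE_URL
};

server.use(auth(config));
// Other middleware
// `next` is defined elsewhere in the app (not shown in this post)
const app = next.boot(server);
```
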
The only difference between my local setup and my server is the value of `process.env.HOST_URL`. In the application settings on the Auth0 website I’ve added `HOST_URL/callback` as a callback URL and `HOST_URL` as a logout URL.

The expected behavior is for the user to initially be redirected to `AUTH0_BASE_URL` upon accessing `HOST_URL`. If they log in and don’t have the `admin` role, then they’ll be denied access to any route (this works locally). If they log in and do have the `admin` role, then they’ll have access to all routes.

The actual behavior is that the user is not redirected to `AUTH0_BASE_URL`, and they automatically have access to everything. Are there additional changes I need to make when deploying on my server?
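
A post-deploy smoke test for the expected behavior described in this post (an unauthenticated request to `HOST_URL` must be redirected to `AUTH0_BASE_URL`). This is an added example, not part of the original post; `classifyAuthGate`, `probe`, and the sample hostnames are hypothetical names and constructed values, and the live probe assumes Node 18+ for the global `fetch`.

```javascript
// Added example: decide whether a deployment enforces login for anonymous requests.
// Hostnames below are constructed placeholders, not values from the post.
const SAMPLE_HOST = 'https://app.example';            // stands in for HOST_URL
const SAMPLE_ISSUER = 'https://tenant.example.test';  // stands in for AUTH0_BASE_URL

// Classify the response to a request sent with no session cookie.
//   ENFORCED - redirected to the identity provider (the expected behavior)
//   OPEN     - content served without any login (the failure in the post)
//   FOLLOW   - same-site redirect (for example a local login route); probe that URL next
//   UNKNOWN  - anything else; inspect by hand
function classifyAuthGate(status, location, baseURL, issuerBaseURL) {
  if (status >= 200 && status < 300) return 'OPEN';
  if (status < 300 || status > 399 || !location) return 'UNKNOWN';
  let target;
  try {
    target = new URL(location, baseURL); // Location may be relative
  } catch {
    return 'UNKNOWN';
  }
  if (target.origin === new URL(issuerBaseURL).origin) return 'ENFORCED';
  if (target.origin === new URL(baseURL).origin) return 'FOLLOW';
  return 'UNKNOWN';
}

// Live probe: request each path without cookies and without following redirects.
async function probe(baseURL, issuerBaseURL, paths = ['/']) {
  const results = {};
  for (const p of paths) {
    const res = await fetch(new URL(p, baseURL), { redirect: 'manual' });
    results[p] = classifyAuthGate(
      res.status, res.headers.get('location'), baseURL, issuerBaseURL);
  }
  return results;
}

// Runs only when both variables are set, e.g. as a step after deployment.
if (process.env.HOST_URL && process.env.AUTH0_BASE_URL) {
  probe(process.env.HOST_URL, process.env.AUTH0_BASE_URL).then((r) => {
    console.log(r);
    // Fail the deploy step if any route is served without authentication.
    if (Object.values(r).includes('OPEN')) process.exitCode = 1;
  });
}
```

Running it against both the local and the deployed `HOST_URL` shows whether the `auth(config)` middleware is in the request path at all on the server.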