Best Practice approach to Auth0 Refresh Token within a Express Node app

I am implementing auth0 and have it working with our app almost completely. The only remaining component is to implement the refresh token to ensure that the user remains logged in.

The app uses Node and Express middleware integrating with React/Redux for front end. For Auth0 I are using the Passport library to handle auth and callback.

All our Application API calls are preformed by React/Redux and I’m struggling to understand integration examples for the refresh token as all other authentication elements are handled by Express.

I have tried following the steps outlined here: (Auth0 Express SDK Quickstarts: Login)
I have managed to understand the location and where to return the refresh token from and this has worked as well as where to save it after login.

However I cant seem to understand how this should be triggered within Express given that the 401 response is not accessible at this level.

Any recommendation or direction in terms of working examples would be highly welcomed.

Many thanks in advance .

For reference the current Express auth code I am trying to use is: Note: {removed} references out app name/data

app.use(passport.initialize());
app.use(passport.session());
app.use(‘/{removed}/assets/’, express.static(path.join(__dirname, ‘/assets’)));
app.use(‘/{removed}/api’, routes);
app.get(‘/’, (req, res) => res.redirect(‘/{removed}’));

app.get(‘/callback’,
passport.authenticate(‘auth0’, { failureRedirect: ‘/login’ }),
(req, res) => {
if (!req.user) {
throw new Error(‘user null’);
}
res.redirect(‘/’);
}
);

app.get(‘/login’,
passport.authenticate(‘auth0’, {
clientID: env.AUTH0_CLIENT_ID,
domain: env.AUTH0_DOMAIN,
redirectUri: env.AUTH0_CALLBACK_URL,
audience: ‘{removed}’,
responseType: ‘code’,
scope: ‘openid profile offline_access’,
}), (req, res) => {
res.redirect(‘/’);
});

app.get(‘/logout’, (req, res) => {
req.logout();
res.redirect(‘/’);
});

app.get(‘/{removed}*’, (req, res) => {
if (!req.user) {
console.log(‘user not logged in redirect auth server’);
res.redirect(‘/login’);
}
res.sendFile(${__dirname}/${config.rootFolder}/index.html);
return 1;
});

Hey @megki.soula

As it has been more than a few months since this topic was opened and there has been no reply or further information provided from the community as to the existence of the issue we would like to check if you are still facing the described challenge?

We are more than happy to assist in any way! If the issue is still out there please let us know so we can create a new thread for better visibility, otherwise we’ll close this one in week’s time.

Thank you!

This topic was automatically closed 6 days after the last reply. New replies are no longer allowed.