
Best Practice approach to Auth0 Refresh Token within a Express Node app

jwt
auth0
refresh-tokens
refresh_token

#1

I am implementing Auth0 and have it working with our app almost completely. The only remaining component is to implement the refresh token to ensure that the user remains logged in.

The app uses Node and Express middleware integrating with React/Redux for the front end. For Auth0 I am using the Passport library to handle auth and the callback.

All our application API calls are performed by React/Redux, and I'm struggling to understand integration examples for the refresh token, as all other authentication elements are handled by Express.

I have tried following the steps outlined here: (https://auth0.com/docs/quickstart/webapp/nodejs/01-login)
I have managed to understand the location where the refresh token is returned from, and this has worked, as well as where to save it after login.

However, I can't seem to understand how this should be triggered within Express, given that the 401 response is not accessible at this level.

Any recommendation or direction in terms of working examples would be highly welcomed.

Many thanks in advance.

For reference, the current Express auth code I am trying to use is below. Note: {removed} replaces our app name/data.

// Surrounding setup assumed by the snippet (not shown in the original post):
// `routes` is the API router, `env` holds the Auth0 settings and
// `config.rootFolder` points at the built front end.
const path = require('path');
const express = require('express');
const passport = require('passport');

const app = express();

app.use(passport.initialize());
app.use(passport.session());
app.use('/{removed}/assets/', express.static(path.join(__dirname, '/assets')));
app.use('/{removed}/api', routes);
app.get('/', (req, res) => res.redirect('/{removed}'));

// Auth0 redirects here after login; passport-auth0 exchanges the code for tokens,
// and the refresh token arrives in the strategy's verify callback.
app.get('/callback',
  passport.authenticate('auth0', { failureRedirect: '/login' }),
  (req, res) => {
    if (!req.user) {
      throw new Error('user null');
    }
    res.redirect('/');
  }
);

// `offline_access` in the scope is what makes Auth0 issue a refresh token.
app.get('/login',
  passport.authenticate('auth0', {
    clientID: env.AUTH0_CLIENT_ID,
    domain: env.AUTH0_DOMAIN,
    redirectUri: env.AUTH0_CALLBACK_URL,
    audience: '{removed}',
    responseType: 'code',
    scope: 'openid profile offline_access',
  }), (req, res) => {
    res.redirect('/');
  });

app.get('/logout', (req, res) => {
  req.logout();
  res.redirect('/');
});

app.get('/{removed}*', (req, res) => {
  if (!req.user) {
    console.log('user not logged in redirect auth server');
    // `return` is required: without it sendFile below still runs after the
    // redirect and Express throws "Cannot set headers after they are sent".
    return res.redirect('/login');
  }
  // The path is a template literal and needs backticks.
  res.sendFile(`${__dirname}/${config.rootFolder}/index.html`);
});
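The question above is where the refresh should be triggered when the browser never sees the token. One answer is to keep both tokens in the server-side session and refresh proactively in Express, before the access token expires, rather than reacting to a 401 in React. The following is an added example written for this page, not code from the original post or from Auth0's quickstart. It assumes: the session record is populated from passport-auth0's verify callback (`accessToken, refreshToken, extraParams, profile, done`, where `extraParams.expires_in` is the lifetime in seconds); Auth0's standard `/oauth/token` endpoint with `grant_type=refresh_token`; Node 18+ for the global `fetch` (injectable here so the example runs offline against a constructed fake); and the hypothetical session field name `req.session.tokens`.

```javascript
// Added example: proactive, server-side refresh of an Auth0 access token in Express.
// Assumed session shape: req.session.tokens = { accessToken, refreshToken, expiresAt }
// (expiresAt is a millisecond epoch). The refresh token never leaves the server.

// Assumed setting names; the fallbacks only exist so the file loads offline.
const AUTH0_DOMAIN = process.env.AUTH0_DOMAIN || 'example.us.auth0.com';
const AUTH0_CLIENT_ID = process.env.AUTH0_CLIENT_ID || 'client-id';
const AUTH0_CLIENT_SECRET = process.env.AUTH0_CLIENT_SECRET || 'client-secret';

// Build the session record from passport-auth0's verify-callback arguments.
function tokensFromVerify(accessToken, refreshToken, extraParams, now = Date.now()) {
  return {
    accessToken,
    refreshToken,
    expiresAt: now + Number(extraParams.expires_in) * 1000,
  };
}

// True when the access token is missing or expires within `skewMs`; refreshing
// slightly early means an in-flight API call never hits a 401 in the browser.
function needsRefresh(tokens, now = Date.now(), skewMs = 60 * 1000) {
  if (!tokens || !tokens.accessToken) return true;
  return tokens.expiresAt - now <= skewMs;
}

// Exchange the refresh token at Auth0's /oauth/token endpoint.
// `fetchImpl` is injectable so the flow can be exercised without network access.
async function refreshTokens(tokens, fetchImpl = globalThis.fetch, now = Date.now()) {
  const res = await fetchImpl(`https://${AUTH0_DOMAIN}/oauth/token`, {
    method: 'POST',
    headers: { 'content-type': 'application/json' },
    body: JSON.stringify({
      grant_type: 'refresh_token',
      client_id: AUTH0_CLIENT_ID,
      client_secret: AUTH0_CLIENT_SECRET,
      refresh_token: tokens.refreshToken,
    }),
  });
  if (!res.ok) {
    // A revoked or already-rotated refresh token is rejected; the caller must
    // treat this as "no longer logged in", not retry with the same token.
    const body = await res.text();
    throw new Error(`token refresh failed: HTTP ${res.status} ${body}`);
  }
  const data = await res.json();
  return {
    accessToken: data.access_token,
    // With refresh-token rotation Auth0 returns a new refresh token; otherwise keep the old one.
    refreshToken: data.refresh_token || tokens.refreshToken,
    expiresAt: now + Number(data.expires_in) * 1000,
  };
}

// Express middleware factory: mount it on the API router after passport.session()
// so each proxied API request carries a token that is valid for at least `skewMs`.
function ensureFreshToken(fetchImpl = globalThis.fetch, clock = Date.now) {
  return async function (req, res, next) {
    const tokens = req.session && req.session.tokens;
    if (!tokens) return res.redirect('/login');
    if (!needsRefresh(tokens, clock())) return next();
    try {
      req.session.tokens = await refreshTokens(tokens, fetchImpl, clock());
      return next();
    } catch (err) {
      // Refresh token revoked/expired: drop the stored tokens and re-authenticate.
      delete req.session.tokens;
      if (typeof req.logout === 'function') req.logout(() => {});
      return res.redirect('/login');
    }
  };
}

// Constructed stand-in for Auth0's token endpoint (sample data, not a real response):
// accepts the refresh token 'rt-old', rejects anything else as invalid_grant.
async function fakeAuth0Fetch(url, opts) {
  const body = JSON.parse(opts.body);
  if (body.grant_type !== 'refresh_token' || body.refresh_token !== 'rt-old') {
    return { ok: false, status: 403, text: async () => '{"error":"invalid_grant"}' };
  }
  return {
    ok: true,
    status: 200,
    json: async () => ({ access_token: 'at-new', refresh_token: 'rt-new', expires_in: 3600 }),
  };
}
```

In the poster's layout the natural mount point is `app.use('/{removed}/api', ensureFreshToken(), routes)`, with the API router attaching `req.session.tokens.accessToken` as the bearer token on outbound calls; React then only ever talks to Express with the session cookie. The failure branch matters as much as the happy path: once Auth0 rejects the refresh token, the only correct move is to end the session and send the user back through `/login`.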