Can I authenticate a session in a NodeJS serverless function when I'm using Auth0 Passwordless on my front end?

Hi,

Does anyone know how to check an Auth0 session in NodeJS (window object is not available)?

I’ve authenticated the user on the frontend. And I’m able to check a session. But I’d like to perform the check session in a serverless function using NodeJS.

How can I do this?

What do I need to send to the endpoint in the URL or headers?

And can I use the npm auth0 package in a netlify function?

I’m getting this error: Error during invocation: TypeError: n is not a function

Hi @bernard.baker.me,

Can you tell us your use case? It sounds like you may be working around some existing functionality.

Thanks,
Dan

Hi @dan.woda,

My use case is to make it simple for customers to authenticate themselves on the website without creating an account using the traditional password & username.

Upon authentication I want to protect Netlify serverless API endpoints to only allow passwordless authenticated users to invoke them.

If your users are authenticated on your website (let's call it a SPA in this example), then you will only need to send an access token with the API call and have the serverless function verify the token. Take a look at the following doc, which lays out the scenario:

Hi @dan.woda,

Thanks for the information, I’ll read that material.

My questions at this time are:

  • I’m using passwordless authentication. Where is the access token?

The access token is returned after a successful authentication. What framework are you using? Did you use a quickstart? How are you authenticating?

Hi @dan.woda, I’m using an SPA framework.

And Auth0 passwordless on the front end. And I want to check the session or verify the token in the serverless function.

This is a fairly common use case, that doc I linked should get you 90% of the way. Let me know if you have specific questions.

Our quickstarts also cover this if you pick your SPA framework and go from there:

I’ve implemented the older version of this quick start on the admin dashboard.

However I’m using passwordless authentication on the front end with Auth0 Lock.

From what I have seen I don’t get a valid JWT token back. And the access token that I receive isn’t a valid JWT token.

You must request a token for your API.

edit: this may also be helpful

https://auth0.com/docs/tokens/guides/get-access-tokens


@dan.woda the token I get back is short in length. What sort of access token is this?

Thanks, just saw the Get Access Token doc.

Please read the FAQ I linked above titled Why is my access token not a JWT?

So I have an opaque token? Which I recall is used to get the user profile?

I read the linked question.


That is correct. You must set the audience to the custom API (netlify function) you configured in the dashboard.

Ok. I’m going to read the material you linked to first and follow your instructions.

Great let us know how it goes.


@dan.woda from what I’ve read, I can only access the user profile information with the getUserProfile method, providing the opaque token sent back from a successful passwordless authentication flow.

I have a question: using the passwordless authentication flow, which successfully sends back an opaque token, how can I then get a valid JWT token?

You must add an audience claim. This requests a token that can be verified by your custom API. If you are looking to display information in your application based on the token then you will want to use an id token:

Thanks @dan.woda.

I’ve followed your guidance and I now have the token. :rocket:

I want to verify it in my custom API (netlify) function. Is there a method/function that I can call? I took a look in auth0 and I couldn’t find one.


I think this walkthrough has the code you need: