Auth0 Home Blog Docs

Create a Simple and Secure Node Express App

Learn how to secure a simple Node.js and Express app by adding user authentication with Passport.js and Auth0.

Read on :green_heart:

Brought to you by @dan-auth0 :man_technologist:t2:

3 Likes

Node.js is both a platform and a topic that I love. Let me know how you like this blog post, what questions you may have, and/or what others topics related to Node you’d like to read. I am here for you!

1 Like

Nice tutorial. I like seeing the non-JWT side of things. I have a question about sessions though.

I read that Express sessions basically set a cookie with the ID of the session, and then for each subsequent request, the Express middleware you set up will perform a session lookup to attach the session data to the req object, and that’s how the subsequent middleware like your app routes will have access to the logged in user. Since I didn’t see you connect anything like Redis or any database to the session middleware, I’m guessing it’s storing it in memory.

What do you do when you’ve got an app that is horizontally scaled? Perhaps it’s deployed to Heroku, AWS Lambda, or a Kubernetes cluster with pod autoscaling enabled, and once traffic scales up, there will be more than one process that your visitors hit. Can you override the session middleware to store session values in something that each process can access, like Redis?

Edit:

Found the answer after more digging. The readme for the session middleware itself talks about implementing custom session stores and lists popular libraries that are already capable of storing sessions in things like Redis, PostgreSQL, MongoDB, and even the cloud databases like AWS DynamoDB and Google Cloud Firestore. Neat. (https://github.com/expressjs/session)

Great tutorial!

I follow all the steps on the blog but is is error saying passport.initialize is not a middleware,

and i see some changes in the code in github in the ENV part that solves the issue

@johndavemanuel you need to install passport
npm install passport

1 Like

Hi @aparralorenzo,

Welcome to the Auth0 Community Forum!

Thanks for helping out on this.

@johndavemanuel Did this solve you problem?

In the future please create a new topic for your problem with a link to the blog/doc. This helps us answer your questions more quickly!

Thanks,
Dan

Hi, thanks for the tutorial but I’m not having much success with it.

Even if I git clone the project, npm install and create the relevant .env file, I always end up in a redirect loop when trying to signup/login, irrespective of login type (happens on email/pw too).

It just pingpongs between

https://mydomain.eu.auth0.com/authorize?response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fcallback&state=blah&client_id=blah

and

http://localhost:3000/callback?state=blah

This is with Node 10.x latest on Windows 10. Is that config known to work? Any other info I can provide to help debug?

Thanks
Conor

2 Likes

Hey there @conor!

Thanks for reporting that and providing that context. I’m sure that @dan-auth0 who is the article author will look into it soon and help you troubleshoot that!

I am on it. I’ll double check the content again. I don’t have access to Windows but I’ll reproduce the blog post using Linux as you may be able to use the Linux Subsystem in Windows which can give us a common ground :thinking:

Thank you for your time reading this post!

1 Like

Thanks Dan. I tried it on OSX today with the same result.

I am going to rework some of the post. There are some areas of it that make it difficult to know where to enter new code. Give me till the end of the week and I’ll have it ready. It’s working for me but it was a bit confusing :grimacing:

Appreciate it Dan thanks! So should I ignore the github repo for the moment?

1 Like

Please do :pray:I was trying the “multi-folder” approach with that repo… haha and I think it’s way too confusing. I"ll be using branches instead :muscle:

I got the review of the first part done yesterday (code is the same) and I’ll work auditing/restructuring the second part today :slight_smile:

I haven’t forgotten about you :slight_smile: I ended up optimizing some of the content of the first part. I will be working on the second time tomorrow. Thank you again for reading our content :+1:

Thanks again Dan. I’ll give it a try when you’re done with the second half.

Thanks a lot for letting us know Conor! Stay tuned!

Conor, thank you for your patience. It took longer than expected but here it is:

I rewrote both parts. They are now more independent of each other and I also hope this part is now easier to follow along. Let me know what you think, please :pray:

The rewrite of Part 1 should be going live next week.

That’s exactly what I needed Dan. Worked perfectly. Thanks again!

1 Like

Wooohooo! Perfect to hear that @conor!

Thanks for the tutorial! I’m getting an error "ReferenceError: Cannot access ‘session’ before initialization at the line app.use(expressSession(session)); and not sure where I went wrong.