Thanks for reporting that @jburklund!
I’m sure @dan-auth0 is gonna take a look at your struggle once he’s online!
Hello! Thanks for reading the post. Have you initialized all the Auth0 settings within the .env file?
Yep - I added my client ID, domain, and secret to the .env file in my project directory then required the file under the external modules in the index.js file as directed. When i set up the app i added the callback urls and logout urls and saved the changes.
Hi dan, I have downloaded your code. it works fine on localhost:3000, however, when I deployed it on Heroku it just enter into a SMS login loop. here is the link : https://morning-fortress-87943.herokuapp.com Do you know why there is a login loop in it? I already changed the configuration on my dashboard.( set Allowed Callback URLs with https://morning-fortress-87943.herokuapp.com/callback, and Allowed Logout URLs with https://morning-fortress-87943.herokuapp.com) but the login loop is still there. Do you know the reason? thanks!!!
1 Like
Heroku it’s tricky!
For Heroku, you need to ensure the solution posted in this GitHub issue is part of your code:
https://github.com/auth0/passport-auth0/issues/70#issuecomment-480771614
I’ve been thinking about writing a guide to deploy this app on Heroku, AWS, and ZEIT Now 
Let me know if adding that to your Express app fixes the issue, please.
Could you please show me a gist or repo of what your code looks like, please? 
Hey, whenever I try to run the ui, I get this error message in my terminal: return done(new Error(‘Failed to serialize user into session’));
It also says: TypeError: done is not a function,
and that my nodemon app crashed.
I’m not completely sure of what to do.
Howdy! Thank you for joining the Auth0 community and for reading the blog post. On what stage are you getting that error?
How do I do it without passport, for example with Auth0 serverless or fastify?
1 Like
Do you mean to secure the API without using Passport?
1 Like
Yes. I want to secure APIs, for example comment posting and image upload.
1 Like
Gotcha! In the meantime, you can follow this tutorial that covers that in detail 
1 Like
Let us know if you have any questions!
I cannot use express-jwt on fastify.
Fastify integrates well with Ajv and OpenAPI, so I want to use it.
I understand. Thank you for that additional feedback. I have no working experience with Fastify but the framework seems to support JWT verification and offer some packages to do so:
The last one seems to link to a third-party package that does Auth0 Token Verification. As a disclosure, these are not packages supported or endorsed by Auth0, but they may help you out 
I’ll recommend to check them out and their source code and see if they fit your use case.
If you need further assistance with Fastify integration, I’d encourage you to create an additional topic in our General Board as that may provide the topic with higher visibility from other members of the Community site.
2 Likes
Hi @dan-auth0
Really great tutorial, thank you so much for the effort. I’m having the same issue as @jburklund
When I run npm dev or in my case npm start… I get.
Control_Review_App@1.0.0 start /home/bastien/Control_Review_App
nodemon ./index.js
[nodemon] 2.0.3
[nodemon] to restart at any time, enter rs
[nodemon] watching path(s): .
[nodemon] watching extensions: js,mjs,json
[nodemon] starting node ./index.js
/home/bastien/Control_Review_App/index.js:33
app.use(expressSession(session));
^
ReferenceError: Cannot access ‘session’ before initialization
at Object. (/home/bastien/Control_Review_App/index.js:33:24)
at Module._compile (internal/modules/cjs/loader.js:1147:30)
at Object.Module._extensions…js (internal/modules/cjs/loader.js:1167:10)
at Module.load (internal/modules/cjs/loader.js:996:32)
at Function.Module._load (internal/modules/cjs/loader.js:896:14)
at Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:71:12)
at internal/main/run_main_module.js:17:47
[nodemon] app crashed - waiting for file changes before starting…
Here is the gist for my index.js Index.js · GitHub
Really appreciate your help, Happy easter btw
Hi Everyone,
I figured out the problem, the oder of the sections is important. Hope this helps someone else.
Thank you again @dan-auth0
It has to be:
// index.js
/**
- Required External Modules
*/
/**
- App Variables
*/
/**
- Session Configuration
*/
/**
- Passport Configuration
*/
/**
- App Configuration
*/
/**
- Routes Definitions
*/
/**
- Server Activation
*/
1 Like
Welcome to our Auth0 Community and I am glad that you enjoyed the tutorial. Thank you for following up with these additional details. Is the order of the sections given incorrectly in the tutorial at some point? If so, if you could please point out where it was incorrect I can update it right away. Thank you in advance.
Thanks. This is exactly the problem I had. All fixed.
This is a great tutorial @dan-auth0 because of the detailed explanation of the logic behind the code instead of “copypasta and you are on your own”.
1 Like
@dan-auth0 I keep reading that session secrets should not be stored in plaintext in our source code and was wondering:-
- is it safer to save it as an environment variable?
- is there an easy way to encrypt it?
I am a novice in these matters
1 Like