Create a Simple and Secure Node Express App

Thanks for reporting that @jburklund!

I’m sure @dan-auth0 is gonna take a look at your struggle once he’s online!

Hello! Thanks for reading the post. Have you initialized all the Auth0 settings within the .env file?

Yep - I added my client ID, domain, and secret to the .env file in my project directory, then required the file under the external modules in the index.js file as directed. When I set up the app, I added the callback URLs and logout URLs and saved the changes.

Hi dan, I have downloaded your code. It works fine on localhost:3000; however, when I deployed it on Heroku, it just enters into an SMS login loop. Here is the link: https://morning-fortress-87943.herokuapp.com Do you know why there is a login loop in it? I already changed the configuration on my dashboard (set Allowed Callback URLs to https://morning-fortress-87943.herokuapp.com/callback, and Allowed Logout URLs to https://morning-fortress-87943.herokuapp.com), but the login loop is still there. Do you know the reason? Thanks!!!

1 Like

Heroku it’s tricky!

For Heroku, you need to ensure the solution posted in this GitHub issue is part of your code:

https://github.com/auth0/passport-auth0/issues/70#issuecomment-480771614

I’ve been thinking about writing a guide to deploy this app on Heroku, AWS, and ZEIT Now :thinking:

Let me know if adding that to your Express app fixes the issue, please.

Could you please show me a gist or repo of what your code looks like, please? :pray:

Hey, whenever I try to run the UI, I get this error message in my terminal: return done(new Error('Failed to serialize user into session'));

It also says: TypeError: done is not a function,
and that my nodemon app crashed.

I’m not completely sure of what to do.

Howdy! Thank you for joining the Auth0 community and for reading the blog post. On what stage are you getting that error?

How do I do it without passport, for example with Auth0 serverless or fastify?

1 Like

Do you mean to secure the API without using Passport?

1 Like

Yes. I want to secure APIs, for example comment posting and image upload.

1 Like

Gotcha! In the meantime, you can follow this tutorial that covers that in detail :+1:

1 Like

Let us know if you have any questions!

I cannot use express-jwt on fastify.

Fastify integrates well with Ajv and OpenAPI, so I want to use it.

I understand. Thank you for that additional feedback. I have no working experience with Fastify but the framework seems to support JWT verification and offer some packages to do so:

The last one seems to link to a third-party package that does Auth0 Token Verification. As a disclosure, these are not packages supported or endorsed by Auth0, but they may help you out :slight_smile: I’d recommend checking them out, along with their source code, to see if they fit your use case.

If you need further assistance with Fastify integration, I’d encourage you to create an additional topic in our General Board as that may provide the topic with higher visibility from other members of the Community site.

2 Likes

Hi @dan-auth0

Really great tutorial, thank you so much for the effort. I’m having the same issue as @jburklund
When I run npm dev or in my case npm start… I get.

Control_Review_App@1.0.0 start /home/bastien/Control_Review_App
nodemon ./index.js

[nodemon] 2.0.3
[nodemon] to restart at any time, enter `rs`
[nodemon] watching path(s): *.*
[nodemon] watching extensions: js,mjs,json
[nodemon] starting `node ./index.js`
/home/bastien/Control_Review_App/index.js:33
app.use(expressSession(session));
^

ReferenceError: Cannot access 'session' before initialization
    at Object.<anonymous> (/home/bastien/Control_Review_App/index.js:33:24)
    at Module._compile (internal/modules/cjs/loader.js:1147:30)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:1167:10)
    at Module.load (internal/modules/cjs/loader.js:996:32)
    at Function.Module._load (internal/modules/cjs/loader.js:896:14)
    at Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:71:12)
    at internal/main/run_main_module.js:17:47
[nodemon] app crashed - waiting for file changes before starting...

Here is the gist for my index.js Index.js · GitHub

Really appreciate your help, Happy Easter btw :slight_smile:

Hi Everyone,

I figured out the problem: the order of the sections is important. Hope this helps someone else.

Thank you again @dan-auth0

It has to be:

// index.js

/**
 * Required External Modules
 */

/**
 * App Variables
 */

/**
 * Session Configuration
 */

/**
 * Passport Configuration
 */

/**
 * App Configuration
 */

/**
 * Routes Definitions
 */

/**
 * Server Activation
 */
1 Like
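
Why the order matters, as an added example that is not part of the original posts: a `const session` declaration cannot be read before it has run, so registering the session middleware above the Session Configuration section throws at startup. `makeApp` and `expressSession` below are minimal stand-ins written for this example, not Express or express-session themselves.

```javascript
// Stand-ins for Express and express-session (hypothetical, just enough to record calls).
function makeApp() {
  const stack = [];
  return { use: (mw) => stack.push(mw), stack };
}
function expressSession(options) {
  if (!options || !options.secret) throw new TypeError("session options need a secret");
  return function sessionMiddleware(req, res, next) { next(); };
}

// Failing order: the middleware is registered before "Session Configuration" has run.
function wrongOrder() {
  const app = makeApp();
  app.use(expressSession(session)); // `session` is still in its temporal dead zone
  // Constructed placeholder value; a real app reads the secret from its environment.
  const session = { secret: "constructed-example-value", resave: false, saveUninitialized: false };
  return app;
}

// Fixed order: the session object is declared before anything reads it.
function fixedOrder() {
  const app = makeApp();
  const session = { secret: "constructed-example-value", resave: false, saveUninitialized: false };
  app.use(expressSession(session));
  return app;
}

// Returns the startup error as "Name: message", or null when the app builds cleanly.
function startupError(build) {
  try {
    build();
    return null;
  } catch (err) {
    return `${err.name}: ${err.message}`;
  }
}
```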

Welcome to our Auth0 Community and I am glad that you enjoyed the tutorial. Thank you for following up with these additional details. Is the order of the sections given incorrectly in the tutorial at some point? If so, if you could please point out where it was incorrect I can update it right away. Thank you in advance.

Thanks. This is exactly the problem I had. All fixed.
This is a great tutorial @dan-auth0 because of the detailed explanation of the logic behind the code instead of “copypasta and you are on your own”.

1 Like

@dan-auth0 I keep reading that session secrets should not be stored in plaintext in our source code and was wondering:-

  1. Is it safer to save it as an environment variable?
  2. Is there an easy way to encrypt it?

I am a novice in these matters.
1 Like
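
One way to act on the question above, as an added example (not code from the tutorial or from Auth0): read the session secret from an environment variable and refuse to start when it is missing, a placeholder, or too short. The variable name `SESSION_SECRET`, the 32-byte minimum and the placeholder list are assumptions of this example.

```javascript
const crypto = require("crypto");

// Assumption of this example: reject anything shorter than 32 bytes.
const MIN_SECRET_BYTES = 32;

// Constructed list of values that show the secret was never replaced.
const PLACEHOLDERS = new Set(["secret", "changeme", "keyboard cat"]);

// Generate a value to store in the environment (64 hex characters, 32 random bytes).
function generateSessionSecret() {
  return crypto.randomBytes(32).toString("hex");
}

// Read the secret from the environment and fail closed when it is unusable.
function loadSessionSecret(env = process.env) {
  const secret = env.SESSION_SECRET; // assumed variable name
  if (!secret) {
    throw new Error("SESSION_SECRET is not set");
  }
  if (PLACEHOLDERS.has(secret.toLowerCase()) ||
      Buffer.byteLength(secret) < MIN_SECRET_BYTES) {
    throw new Error("SESSION_SECRET is a placeholder or too short");
  }
  return secret;
}

// Build the options object that would be passed to express-session.
function buildSessionConfig(env = process.env) {
  const production = env.NODE_ENV === "production";
  return {
    secret: loadSessionSecret(env),
    resave: false,
    saveUninitialized: false,
    // Secure cookies need HTTPS; behind a TLS-terminating proxy, Express's
    // "trust proxy" setting must also be enabled or the cookie is never set.
    cookie: { httpOnly: true, secure: production },
  };
}
```

An environment variable keeps the secret out of the repository; it does not encrypt it, so access to the deployment's configuration still has to be restricted.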