Destroy session Auth0 through back express

Gerarca · December 6, 2023, 8:34pm

Hello!!! folloing this Example Express + Vue js

I’m trying to implement in my back one service that redirect the user to default page if the user is invalid(email) or if the users is blocked, so in my back I added this function:

export const saveSession = async (req, res, next) => {
  try { 
    const { email, username } = req.body;
    const UserUnauthorized = await authenticationService.validateUser(email);

    //check if user is blocked
    //if UserUnauthorized == true, the user is blocked
    //if UserUnauthorized == null, the user cannot access the system
    if(  UserUnauthorized || UserUnauthorized === null  ){ 
      req.logout();
      res.redirect(`https://${env.AUTH0_DOMAIN}/v2/logout?returnTo=${env.CLIENT_ORIGIN_URL}`);
    }else{
      //if not blocked, then save session

      req.session.user = { username , email };
      res.status(200).send("Data Saved");
    }
  } catch (error) {
    next(error);
  }
};

currently don’t work, so I would like your help, How can I destroy the auth0 session and redirect to a default page???

dan.woda · December 12, 2023, 10:00pm

Hi @Gerarca,

From the example you shared, the user wouldn’t be ‘logged in’ in the backend server. This API is simply authenticating tokens and returning errors/resources to the front end.

You could return an error and handle it/logout in the front end.

Otherwise, look in to OIDC Back-Channel Logout.

Gerarca · December 13, 2023, 11:43am

Thanks @dan.woda, It just raised a doubt in me.

I quote
This API is simply authenticating tokens and returning errors/resources to the front end.

I’m trying to implement auth0, I’m creating a decoupled system, I mean, I have my back(express js) running on localhost:3000 and the front(vue js) running on localhost:4040, so, I just want use the loggin of Auth0, check if the email exist on my database.

it’s possible? with auth0

Regards!

dan.woda · December 13, 2023, 8:14pm

You can extract the user’s email from the token and check if they exist.

Gerarca · December 14, 2023, 1:41am

thanks @dan.woda !!!

dan.woda · December 14, 2023, 4:30pm

Let us know if you have any questions.

system · December 28, 2023, 4:30pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Redirect to calback URL after Logout Help logout , sessions	4	28	October 23, 2024
Non-whitelist email domain still creates a session Help auth0 , vuejs , vue , whitelist	3	4456	February 24, 2021
/v2/logout doesn't remove session layer information Help login-experience , new-universal-login-experience	3	145	July 9, 2024
Upon logging in requireAuth() redirects me back to auth0 Help login-experience , new-universal-login-experience	0	380	January 10, 2024
Using Auth0 to secure my express backend Help auth0 , express	2	2266	October 4, 2021

Destroy session Auth0 through back express

Related Topics