Welcome to the Auth0 Community!
I believe that what you’re currently missing in order to achieve your desired flow would be the afterCallback hook, which is provided by the express-openid-connect library (please see the following documentation).
You should be able to define it within your existing code similarly to this:
```js
const express = require('express');
const { auth } = require('express-openid-connect');
const jose = require('jose');

const app = express();

const config = {
  authRequired: false,
  auth0Logout: true,
  secret: process.env.AUTH0_SECRET,
  baseURL: 'http://localhost:3000',
  clientID: process.env.AUTH0_CLIENT_ID,
  issuerBaseURL: process.env.AUTH0_DOMAIN,
  // afterCallback is a top-level config option; it runs after the ID token
  // has been validated and before the session is stored
  afterCallback: (req, res, session) => {
    const claims = jose.JWT.decode(session.id_token); // using jose library to decode JWT
    if (claims.org_id !== 'Required Organization') {
      throw new Error('User is not a part of the Required Organization');
    }
    return session;
  },
};

app.use(auth(config));
```
Additional resources on the afterCallback hook:
Let us know if this helped solve your issue!
Best regards,
Gerald
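As an added example (not code from the post above or from the express-openid-connect project), here is the same afterCallback check written as a reusable guard that accepts an allow-list of Auth0 Organization IDs and rejects sessions whose ID token carries no org_id at all. It assumes express-openid-connect has already validated the ID token's signature, issuer, audience and expiry before afterCallback runs, so only the payload needs to be read; the org IDs and sample tokens are constructed for the demo.

```javascript
// Added example: an afterCallback factory for express-openid-connect that
// restricts login to an allow-list of Auth0 Organization IDs (hypothetical helper).

// Decode the payload of a JWT that the library has ALREADY verified.
// This does not check the signature, so never use it on an untrusted token.
function decodeJwtPayload(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('Malformed JWT');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// Returns an afterCallback(req, res, session) that only lets the session
// through when the ID token's org_id claim is one of the permitted IDs.
function makeOrgGuard(allowedOrgIds) {
  const allowed = new Set(allowedOrgIds);
  return (req, res, session) => {
    const claims = decodeJwtPayload(session.id_token);
    // A missing or non-string org_id means the user did not log in through
    // an Organization, so the session is rejected rather than let through.
    if (typeof claims.org_id !== 'string' || !allowed.has(claims.org_id)) {
      throw new Error('User is not a member of a permitted Organization');
    }
    return session;
  };
}

// Constructed test helper: builds an unsigned JWT-shaped token with the given
// payload. Real ID tokens are signed by Auth0; this shape is only for the demo.
function makeSession(payload) {
  const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
  const token = `${b64({ alg: 'RS256', typ: 'JWT' })}.${b64(payload)}.sig`;
  return { id_token: token, access_token: 'constructed' };
}

// Usage in the config from the post (constructed org ID):
//   app.use(auth({ ...config, afterCallback: makeOrgGuard(['org_abc123']) }));

module.exports = { decodeJwtPayload, makeOrgGuard, makeSession };
```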