How to log in a user from Node.js

I have created a user using this API.

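// Requires the axios package (npm install axios).
const axios = require("axios");

// Management API access token, obtained elsewhere.
// The environment variable name is an assumption.
const token = process.env.AUTH0_MGMT_TOKEN;

var options = {
  method: "POST",
  url: "https://domail.auth0.com/api/v2/users",
  headers: {
    "content-type": "application/json",
    authorization: `Bearer ${token}`,
  },
  data: {
    email: "abc@example.com",
    password: "abc123",
    name: "test",
    connection: "Username-Password-Authentication",
  },
};

axios
  .request(options)
  .then(function (response) {
    console.log(response.data);
  })
  .catch(function (error) {
    // error.response is undefined on network failures, so fall back to the message.
    console.error(error.response ? error.response.data : error.message);
  });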

Now I want to log in this user using the API. Is there any way to authenticate this user via a Node.js app?

Hi @alihaider

You can use ROPG (Resource Owner Password Grant), but note that this is not recommended.

Why do you want to log a user in via API?

John

1 Like

Hello @john.gateley
In my scenario I have to get the username and password using Postman.
Then get these credentials in the Express app and make a call to the Auth0 server to authenticate this user.

In the response I want to set the access_token and refresh_token in cookies and send a response object to Postman including userinfo with role details.

Postman -> Express server -> Auth0

response: {
  name: "abc",
  role: "superadmin ",
  email: "abc@g.com",
  userid: "auth|dsfdsfdsfdsf"
}

Hi @alihaider

I don’t think putting user credentials in postman is a good idea.

A better approach (not great, but better) would be to make an app to sign the user in, and have the app expose the access token for postman.

John

2 Likes

Thanks John.
But my application flow is:
→ frontend (Flutter mobile app)
→ backend Node.js (Express)

There are different roles like super_admin, restaurant_owner, restaurant_manager, restaurant_staff.

I have to authenticate all actors from the Auth0 server via an Express login API that will make a request to the Auth0 server and return the access_token and refresh_token.
The Express response will set these tokens in cookies; after that we have to authorize all requests that access the other Express APIs.

Is there any way to do this using Auth0?

Hi @alihaider

There are many drawbacks to the approach you are taking. You can do it, via ROPG, but there are many security issues with it.

Instead, you should use the Auth Code + PKCE flow, have the front end redirect to Auth0 for authentication, etc. This is the Industry Standard approach.

John

1 Like

Thanks for helping with this one John!

Thanks for the help.

I have a question: what would be the flow for this authentication?
Backend: Express server.
Frontend: React app, Android app and iOS app.

I want to authenticate users from all platforms using Auth0 Universal Login.
What would be the flow?

Hi @alihaider

If the front end also calls other APIs than the backend, then use Auth Code + PKCE.
If the front end is ONLY communicating with the backend, then you can use Auth Code.

John

1 Like
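
The Auth Code + PKCE flow recommended in the replies above, shown as the two requests a client builds (an added example, not code from the thread or from Auth0). The domain, client ID, redirect URI and function names are placeholder assumptions; `/authorize` and `/oauth/token` are Auth0's standard endpoints.

```javascript
// Added example: Authorization Code + PKCE request construction (RFC 7636).
const nodeCrypto = require("node:crypto");

// Placeholders (assumptions, not values from the thread).
const AUTH0_DOMAIN = "your-tenant.auth0.com";
const CLIENT_ID = "YOUR_CLIENT_ID";
const REDIRECT_URI = "https://app.example.com/callback";

// 32 random bytes -> 43-char base64url string, within RFC 7636's 43..128 range.
function newVerifier() {
  return nodeCrypto.randomBytes(32).toString("base64url");
}

// S256 challenge: BASE64URL(SHA-256(ASCII(code_verifier))).
function challengeFor(verifier) {
  return nodeCrypto.createHash("sha256").update(verifier, "ascii").digest("base64url");
}

// Step 1 (client): URL the front end opens to reach Universal Login.
function buildAuthorizeUrl(verifier, state) {
  const url = new URL(`https://${AUTH0_DOMAIN}/authorize`);
  url.search = new URLSearchParams({
    response_type: "code",
    client_id: CLIENT_ID,
    redirect_uri: REDIRECT_URI,
    scope: "openid profile email offline_access", // offline_access requests a refresh token
    code_challenge: challengeFor(verifier),
    code_challenge_method: "S256",
    state,
  }).toString();
  return url.toString();
}

// Step 2 (callback): reject a mismatched state, then build the POST body for
// https://<domain>/oauth/token. No user password is ever handled by this code.
function buildTokenRequest(callbackQuery, expectedState, verifier) {
  const got = Buffer.from(String(callbackQuery.state || ""));
  const want = Buffer.from(expectedState);
  if (got.length !== want.length || !nodeCrypto.timingSafeEqual(got, want)) {
    throw new Error("state mismatch: possible CSRF or stale login attempt");
  }
  return {
    grant_type: "authorization_code",
    client_id: CLIENT_ID,
    code: callbackQuery.code,
    code_verifier: verifier,
    redirect_uri: REDIRECT_URI,
  };
}
```

The verifier and state are generated per login attempt and kept by the party that started the flow until the callback arrives; only the challenge travels in the redirect.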

All is good on localhost, but after deployment /login is not redirecting to the Auth0 Universal Login.
