Hi,
I’ve integrated Auth0 on a Node.js/Express application (by following this tutorial: Auth0 Node (Express) API SDK Quickstarts: Authorization, based on GitHub - auth0/express-openid-connect: An Express.js middleware to protect OpenID Connect web applications) and it’s been working fine.
That being said, application logs reveal errors on several requests because oidc.isAuthenticated() returns true for users that do not exist in Auth0, according to the userId I’m extracting using request.oidc.user.sub.replace('auth0|', ''); (inspired by express-openid-connect/EXAMPLES.md at master · auth0/express-openid-connect · GitHub). And there is no trace indicating that these users were freshly created, nor recently deleted.
Is it possible that I’ve forgotten to secure something in the way users log in?