Auth0 Home Blog Docs

Regular web app : authent succeeded but req.user is undefined in the routeurs (user.js eg)

I followed the quick start guide for node js regular web app but the authentication fails.
I’m using this code in my index.js :

    // Perform the login, after login Auth0 will redirect to callback
router.get('/login', passport.authenticate('auth0', {
  scope: 'openid profile email'
}), function (req, res) {

// Perform the Callback
router.get('/callback', function (req, res, next) {
  passport.authenticate('auth0', function (err, user, info) {
    if (err) { return next(err); }
    if (!user) { return res.redirect('/login'); }
    req.logIn(user, function (err) {
      if (err) { return next(err); }
      const returnTo = req.session.returnTo;
      delete req.session.returnTo;
      res.redirect(returnTo || '/user');
  })(req, res, next);

When I try to authenticate, the web console shows that the browser keeps on looping from login page to callback page. As far as I understood, it means that the callback return no user so it redirect to the login page which redirect to the callback page.
If I change the redirection for another page (not secured), the callback redirect to this page but, of course, the user is undefined…

The weird thing is that when I go to the log page in the dashboard, I can see that my login attempts are considered as success (!).

My app.js is strictly identical to the one provided in the quick start guide.

Any help would be appreciate :pleading_face:

Edit :
I have just tried to upload the sample app in my web server and the result is the same : eternal loop between login and callback :sob:
It must be a misconfiguration in my tenant or in my application (in the dashboard) but I don’t see where

Edit N°2 :
I have tried my code on local (localhost) and it works !!

  • The configuration in auth0 dashboard is the same for the local and the remote

  • The code is the same on both sides

The only explanation is that my host (OVH) has a ‘special’ configuration.
Does anyone has already experience this?

Edit N°3 :
Finally, the authentication works, partially…
I found a solution that consist to add state: false in my strategy (app.js).
In the callback function, this part: if (!user) { return res.redirect('/login'); } is not “true” anymore, so I get the user! :partying_face:
BUT, of course there is a “BUT” :rage:, this part: res.redirect(returnTo || '/user'); redirect to the user page WITHOUT any user data!!
My user routeur doesn’t get the user data: const { _raw, _json, ...userProfile } = req.user; return: Cannot destructure property '_raw' of 'undefined' or 'null'.

I don’t understand why!!
HELP, please!

I reply to myself…
I finally found the solution! :partying_face:

For those who are interested:

In fact, it was just a question of session: I discovered that the sessionID was not the same in the callback and in the user page… So, of course, the user wasn’t available in my user page!
I just added:
const FileStore = require('session-file-store')(session); to my app and change the session like this:

const sess = {
  store: new FileStore,
  secret: 'mySecret',
  resave: false,
  saveUninitialized: false

and: Tada! the session remains the same accross all my routes and my user is available everywhere in my app

So sorry that we didn’t get to you just in time… but glad you were able to figure out the solution yourself!

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.