Labsco
auth0 logo

auth0-express

β˜… 37

by auth0 Β· part of auth0/agent-skills

Use when adding authentication (login, logout, protected routes) to Express.js web applications - integrates express-openid-connect for session-based auth.

πŸ”₯πŸ”₯πŸ”₯πŸ”₯βœ“ VerifiedAccount requiredNeeds API keys
🧩 One of 7 skills in the auth0/agent-skills package β€” works on its own, and pairs well with its siblings.

Use when adding authentication (login, logout, protected routes) to Express.js web applications - integrates express-openid-connect for session-based auth.

Inspect the full instructions your agent will receiveExpand

This is the exact playbook injected into your agent when the skill activates β€” shown here so you can audit it before installing. You don't need to read it to use the skill.

by auth0

Use when adding authentication (login, logout, protected routes) to Express.js web applications - integrates express-openid-connect for session-based auth. npx skills add https://github.com/auth0/agent-skills --skill auth0-express Download ZIPGitHub37

Auth0 Express Integration

Add authentication to Express.js web applications using express-openid-connect.

When NOT to Use

  • Single Page Applications - Use auth0-react, auth0-vue, or auth0-angular for client-side auth

  • Next.js applications - Use auth0-nextjs skill which handles both client and server

  • Mobile applications - Use auth0-react-native for React Native/Expo

  • Stateless APIs - Use JWT validation middleware instead of session-based auth

  • Microservices - Use JWT validation for service-to-service auth

Detailed Documentation

  • Setup Guide - Automated setup scripts, environment configuration, Auth0 CLI usage

  • Integration Guide - Protected routes, sessions, API integration, error handling

  • API Reference - Complete middleware API, configuration options, request properties

Related Skills

  • auth0-quickstart - Basic Auth0 setup

  • auth0-migration - Migrate from another auth provider

  • auth0-mfa - Add Multi-Factor Authentication

  • auth0-cli - Manage Auth0 resources from the terminal

Quick Reference

Middleware Options:

  • authRequired - Require auth for all routes (default: false)

  • auth0Logout - Enable /logout endpoint (default: false)

  • secret - Session secret (required)

  • baseURL - Application URL (required)

  • clientID - Auth0 client ID (required)

  • issuerBaseURL - Auth0 tenant URL (required)

Request Properties:

  • req.oidc.isAuthenticated() - Check if user is logged in

  • req.oidc.user - User profile object

  • req.oidc.accessToken - Access token object ({ access_token, token_type, expires_in }); expires_in is seconds remaining. Destructure with const { access_token } = req.oidc.accessToken. Also exposes isExpired() and refresh() methods. Only populated when authorizationParams with audience + response_type: 'code' is configured

  • req.oidc.idToken - ID token

  • req.oidc.refreshToken - Refresh token

Common Use Cases:

  • Protected routes β†’ Use requiresAuth() middleware (see Step 4)

  • Check auth status β†’ req.oidc.isAuthenticated()

  • Get user info β†’ req.oidc.user

  • Call APIs β†’ Integration Guide

References