
Node.js with Express

This guide explains the basics of how to sign users in using Node.js and Express.

Note: For a more robust example, see https://github.com/crossid/sample-nodejs.

We use express-openid-connect, a simple library that wraps the certified openid-client library for the Express framework.

Project Init

Let's init a new project:

mkdir myapp ; cd myapp
npm init -f
npm install express dotenv auth0/express-openid-connect

Configure

express-openid-connect can be configured via environment variables. A minimal .env file would look like:

ISSUER_BASE_URL=https://<TENANT>.crossid.io/oauth2
CLIENT_ID=<CLIENT_ID>
CLIENT_SECRET=<CLIENT_SECRET>
SECRET=<RANDOM_STRING>
BASE_URL=https://localhost

All <> placeholders must be replaced.

  • Line 1: <TENANT> is your Crossid tenant. Don't have a tenant yet? Create one for free!
  • Line 2: <CLIENT_ID> is the client ID you get by telling Crossid about your app.
  • Line 3: <CLIENT_SECRET> is the client secret you get by telling Crossid about your app.
  • Line 4: Choose a long random string (note: this is not a client secret, it's a secret for protecting the session cookie).

Notes:

  • We use https in our BASE_URL to avoid cookie policy issues, so a proxy is needed (see Caddy below).
  • The app below requires the redirect_uris to be https://localhost/callback.
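
A pre-flight check for these values, as an added example that is not part of the original guide or of express-openid-connect. The name `validateOidcEnv` and the 32-character minimum for SECRET are assumptions made here.

```javascript
// Added example: pre-flight check for the .env values used in this guide.
const REQUIRED = ["ISSUER_BASE_URL", "CLIENT_ID", "CLIENT_SECRET", "SECRET", "BASE_URL"];
const MIN_SECRET_LENGTH = 32; // assumed threshold, not a library requirement
const PLACEHOLDER = /<[^>]*>/; // an unreplaced <TENANT>, <CLIENT_ID>, ...

// Returns a list of human-readable problems; an empty list means the config passes.
function validateOidcEnv(env) {
  const problems = [];
  const usable = {}; // values that are present and placeholder-free
  for (const key of REQUIRED) {
    const value = (env[key] || "").trim();
    if (!value) problems.push(`${key} is missing`);
    else if (PLACEHOLDER.test(value)) problems.push(`${key} still contains a <> placeholder`);
    else usable[key] = value;
  }
  // Both URLs must parse and use https: the session cookie and the
  // https://localhost/callback redirect URI depend on it.
  for (const key of ["ISSUER_BASE_URL", "BASE_URL"]) {
    if (!(key in usable)) continue; // already reported above
    try {
      if (new URL(usable[key]).protocol !== "https:") problems.push(`${key} must use https`);
    } catch {
      problems.push(`${key} is not a valid URL`);
    }
  }
  // SECRET protects the session cookie: it must be long and distinct from CLIENT_SECRET.
  if ("SECRET" in usable) {
    if (usable.SECRET.length < MIN_SECRET_LENGTH) {
      problems.push(`SECRET is shorter than ${MIN_SECRET_LENGTH} characters`);
    }
    if (usable.SECRET === usable.CLIENT_SECRET) {
      problems.push("SECRET must not reuse CLIENT_SECRET");
    }
  }
  return problems;
}

// Constructed sample values, not real credentials; BASE_URL is deliberately http.
const sampleEnv = {
  ISSUER_BASE_URL: "https://acme.crossid.io/oauth2",
  CLIENT_ID: "sample-client-id",
  CLIENT_SECRET: "sample-client-secret",
  SECRET: "b7e1f0c29a4d4e6f8a3c5d7e9f1b2c4d6e8f0a1b3c5d7e9f",
  BASE_URL: "http://localhost",
};
console.log(validateOidcEnv(sampleEnv));
```

Call it with process.env right after require("dotenv").config() and refuse to start the server if it returns any problems.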

Server

A minimal server would look like:

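// server.js
const express = require("express");
const { auth } = require("express-openid-connect");
require("dotenv").config(); // load the .env values into process.env

const app = express();

// auth() reads ISSUER_BASE_URL, CLIENT_ID, CLIENT_SECRET, SECRET and BASE_URL
// from the environment and adds the login, logout and callback routes.
app.use(
  auth({
    authorizationParams: {
      response_type: "code id_token",
      audience: "example.com",
      scope: "openid profile",
    },
  })
);

// The app runs behind the reverse proxy, so let Express honour X-Forwarded-* headers.
// `true` trusts every hop; use a narrower value such as "loopback" if the port
// is reachable by anything other than the local proxy.
app.set("trust proxy", true);

app.get("/", (req, res) => {
  res.send(`hello ${req.oidc.user.name}`);
});

app.listen(3005, () => console.log("listening at http://localhost:3005"));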

Let's start a reverse proxy that routes any traffic arriving on port 443 to port 3005.

caddy reverse-proxy --from localhost:443 --to localhost:3005

(Caddy can be installed via brew install caddy or from https://caddyserver.com/docs/download.)

Start the server and open https://localhost:

node ./server.js

References

For more information, see express-openid-connect.