@saltukalakus
Last active June 2, 2025 20:34
A sample showing how to use a role claim with Auth0 using the express-openid-connect library

.env:

```
# conf
PORT=3000
ISSUER_BASE_URL=https://your-account.[region].auth0.com
CLIENT_ID=your-client-id
CLIENT_SECRET=your-client-secret
BASE_URL=http://localhost:3000
SECRET=LONG_RANDOM_VALUE
```

Installation:

> git clone https://gist.github.com/saltukalakus/380a8114e5ce1b0259fef00ecc4b1f5e demo-app
> cd demo-app
> npm install

Setup:

  • Create a regular web app in the Auth0 dashboard.
  • Add http://localhost:3000/callback as an Allowed Callback URL on this application.
  • Use the sample rule.js as one of your rules in the Auth0 dashboard. This rule adds the user's roles to the ID token as a namespaced custom claim.
  • Modify the .env file according to your Auth0 tenant configuration.
  • Add three roles named admin, sales and payroll in the roles section of the Auth0 dashboard.
  • Assign a few users to these roles for testing purposes. A user may have one or more of these roles.

Testing:

Run the Node.js Express server.

> npm start

In a browser, open http://localhost:3000

index.js:

```javascript
require('dotenv').config();
const express = require('express');
const {
  auth,
  claimEquals, // not used below; kept for reference
  claimIncludes,
  claimCheck, // not used below
  requiresAuth, // not used below
} = require('express-openid-connect');

const app = express();
const port = process.env.PORT || 3000;

// Main screen. auth() requires a login by default, so an anonymous
// request to / is redirected to Auth0 before this handler runs.
app.get('/', auth({
  authorizationParams: {
    response_type: 'code id_token',
  },
}), async (req, res) => {
  res.send(`hello!
<p><a href="/logout">Click to logout</a></p>
<p><a href="/admin">Admin screen</a></p>
<p><a href="/sales-managers">Sales Manager screen</a></p>
<p><a href="/payroll">Payroll screen</a></p>`);
});

// Every route registered after this requires a login. With
// errorOnRequiredAuth an unauthenticated request is rejected
// instead of being redirected to the login page.
app.use(
  auth({
    errorOnRequiredAuth: true,
    authorizationParams: {
      response_type: 'code id_token',
    },
  })
);

// Each screen requires the namespaced roles claim written by rule.js to
// include the named role. claimIncludes accepts the claim either as an
// array or as a space-separated string and rejects the request otherwise.
app.get(
  '/admin',
  claimIncludes('https://myapp.com/roles', 'admin'),
  (req, res) =>
    res.send(`Hello ${req.oidc.user.sub}, this is the admin section.<p><a href="/">Back</a></p>`)
);

app.get(
  '/sales-managers',
  claimIncludes('https://myapp.com/roles', 'sales'),
  (req, res) =>
    res.send(`Hello ${req.oidc.user.sub}, this is the sales managers section.<p><a href="/">Back</a></p>`)
);

app.get(
  '/payroll',
  claimIncludes('https://myapp.com/roles', 'payroll'),
  (req, res) =>
    res.send(`Hello ${req.oidc.user.sub}, this is the payroll section.<p><a href="/">Back</a></p>`)
);

app.listen(port, () =>
  console.log(`Example app started at http://localhost:${port}`)
);
```
package.json:

```json
{
  "name": "express-openid-connect-claims-sample",
  "version": "0.1.0",
  "description": "Shows how to use claims with Auth0",
  "license": "MIT",
  "author": "Saltuk Alakus <[email protected]>",
  "main": "index.js",
  "scripts": {
    "start": "node index.js"
  },
  "dependencies": {
    "dotenv": "^8.2.0",
    "express": "^4.17.1",
    "express-openid-connect": "^2.0.0"
  },
  "engines": {
    "node": "^10.19.0 || >=12.0.0 < 13 || >=13.7.0 < 14 || >= 14.2.0"
  }
}
```
rule.js:

```javascript
// Auth0 rule: copy the roles assigned to the user into the ID token under a
// namespaced claim so that claimIncludes() in index.js can check them.
function(user, context, callback) {
  const namespace = 'https://myapp.com/';
  // context.authorization (and its roles array) is absent for a user with no
  // role assignments; default to an empty list so the rule does not throw and
  // such a user ends up with an empty claim, which every role check denies.
  const roles = ((context.authorization || {}).roles || []);
  context.idToken[namespace + 'roles'] = roles.join(" ");
  callback(null, user, context);
}
```
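The two halves of the role-claim flow (what rule.js writes into the ID token, and the membership test the routes in index.js delegate to claimIncludes), modelled as plain functions so they can be exercised offline. This is an added example, not code from the gist or from express-openid-connect; the function names, the route table and the sample contexts and token payloads are constructed for the example. It also covers the edge cases the page relies on: a user with no role assignments, a claim delivered as an array instead of a space-separated string, and an un-namespaced claim that must be ignored.

```javascript
// Added example (not part of the gist). Claim namespace as used by rule.js.
const NAMESPACE = 'https://myapp.com/';
const ROLES_CLAIM = NAMESPACE + 'roles';

// Mirrors rule.js: roles from context.authorization, joined by spaces.
// A user with no role assignments has no context.authorization, so the
// claim becomes the empty string rather than the rule throwing.
function buildRolesClaim(context) {
  const roles = ((context && context.authorization) || {}).roles || [];
  return roles.join(' ');
}

// Normalise a claim value to a list of strings. Anything that is neither an
// array nor a string (missing claim, null, number) means "no roles".
function claimValues(value) {
  if (Array.isArray(value)) return value.map(String);
  if (typeof value === 'string') return value.split(' ').filter(Boolean);
  return [];
}

// Membership test in the spirit of claimIncludes: every required role must be
// present in the namespaced claim; a missing claim or empty payload denies.
function hasRole(claims, ...required) {
  const present = new Set(claimValues(claims && claims[ROLES_CLAIM]));
  return required.every((role) => present.has(role));
}

// Constructed route table mirroring the three protected screens in index.js.
const ROUTE_ROLES = {
  '/admin': 'admin',
  '/sales-managers': 'sales',
  '/payroll': 'payroll',
};

// For a decoded ID token payload, list the protected routes it may reach.
function allowedRoutes(claims) {
  return Object.keys(ROUTE_ROLES).filter((path) => hasRole(claims, ROUTE_ROLES[path]));
}

// Constructed rule contexts: one user with two roles, one with none.
const multiRoleContext = { authorization: { roles: ['sales', 'payroll'] } };
const noRoleContext = {};

// Constructed decoded ID token payloads built the way the rule would build them.
const multiRoleToken = { sub: 'auth0|example-user-1', [ROLES_CLAIM]: buildRolesClaim(multiRoleContext) };
const noRoleToken = { sub: 'auth0|example-user-2', [ROLES_CLAIM]: buildRolesClaim(noRoleContext) };
// A claim outside the namespace is not the one the routes check, so it grants nothing.
const unrelatedToken = { sub: 'auth0|example-user-3', roles: ['admin'] };

// Summarise the decisions for each constructed token.
function report() {
  return {
    multiRole: allowedRoutes(multiRoleToken),   // ['/sales-managers', '/payroll']
    noRole: allowedRoutes(noRoleToken),         // []
    unrelated: allowedRoutes(unrelatedToken),   // []
  };
}

console.log(report());
```

The string form (`'sales payroll'`) is what rule.js produces; the array form is accepted as well so the same check works if the claim is later emitted as a JSON array. Because the default for anything unrecognised is an empty role list, a malformed or absent claim fails closed rather than open.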