auth0-express

# Auth0 Express Skill

Patterns for integrating Auth0 with Express.js applications.

## Setup

### Installation

```bash
npm install express-oauth2-jwt-bearer
# or for session-based
npm install express-openid-connect
```

### Configuration

```typescript
// Environment variables
AUTH0_DOMAIN=your-tenant.auth0.com
AUTH0_AUDIENCE=your-api-audience
AUTH0_CLIENT_ID=your-client-id
AUTH0_CLIENT_SECRET=your-client-secret
AUTH0_BASE_URL=http://localhost:3000
AUTH0_SECRET=session-encryption-secret
```

## JWT Authentication (API)

### Basic Setup

```typescript
import { auth, requiredScopes } from 'express-oauth2-jwt-bearer'
import express from 'express'

const app = express()

// JWT validation middleware
const jwtCheck = auth({
  audience: process.env.AUTH0_AUDIENCE,
  issuerBaseURL: `https://${process.env.AUTH0_DOMAIN}/`,
  tokenSigningAlg: 'RS256',
})

// Public route
app.get('/api/public', (req, res) => {
  res.json({ message: 'Public endpoint' })
})

// Protected route
app.get('/api/private', jwtCheck, (req, res) => {
  res.json({
    message: 'Protected endpoint',
    user: req.auth?.payload,
  })
})

// Route requiring specific scope
app.get(
  '/api/admin',
  jwtCheck,
  requiredScopes('admin:read'),
  (req, res) => {
    res.json({ message: 'Admin data' })
  }
)
```

### Custom Claims Access

```typescript
interface Auth0Payload {
  sub: string
  'https://myapp.com/roles': string[]
  'https://myapp.com/org_id'?: string
  permissions?: string[]
}

declare global {
  namespace Express {
    interface Request {
      auth?: {
        payload: Auth0Payload
        token: string
      }
    }
  }
}

app.get('/api/user-info', jwtCheck, (req, res) => {
  const userId = req.auth?.payload.sub
  const roles = req.auth?.payload['https://myapp.com/roles'] || []
  const orgId = req.auth?.payload['https://myapp.com/org_id']

  res.json({ userId, roles, orgId })
})
```

### Permission Middleware

```typescript
function requirePermission(permission: string) {
  return (req: Reques