plugins/aai-stack-auth0/skills/auth0-express/SKILL.md
February 1, 2026
Select agents to install to:
npx add-skill https://github.com/the-answerai/alphaagent-team/blob/main/plugins/aai-stack-auth0/skills/auth0-express/SKILL.md -a claude-code --skill auth0-expressInstallation paths:
.claude/skills/auth0-express/# Auth0 Express Skill
Patterns for integrating Auth0 with Express.js applications.
## Setup
### Installation
```bash
npm install express-oauth2-jwt-bearer
# or for session-based
npm install express-openid-connect
```
### Configuration
```typescript
// Environment variables
AUTH0_DOMAIN=your-tenant.auth0.com
AUTH0_AUDIENCE=your-api-audience
AUTH0_CLIENT_ID=your-client-id
AUTH0_CLIENT_SECRET=your-client-secret
AUTH0_BASE_URL=http://localhost:3000
AUTH0_SECRET=session-encryption-secret
```
## JWT Authentication (API)
### Basic Setup
```typescript
import { auth, requiredScopes } from 'express-oauth2-jwt-bearer'
import express from 'express'
const app = express()
// JWT validation middleware
const jwtCheck = auth({
audience: process.env.AUTH0_AUDIENCE,
issuerBaseURL: `https://${process.env.AUTH0_DOMAIN}/`,
tokenSigningAlg: 'RS256',
})
// Public route
app.get('/api/public', (req, res) => {
res.json({ message: 'Public endpoint' })
})
// Protected route
app.get('/api/private', jwtCheck, (req, res) => {
res.json({
message: 'Protected endpoint',
user: req.auth?.payload,
})
})
// Route requiring specific scope
app.get(
'/api/admin',
jwtCheck,
requiredScopes('admin:read'),
(req, res) => {
res.json({ message: 'Admin data' })
}
)
```
### Custom Claims Access
```typescript
interface Auth0Payload {
sub: string
'https://myapp.com/roles': string[]
'https://myapp.com/org_id'?: string
permissions?: string[]
}
declare global {
namespace Express {
interface Request {
auth?: {
payload: Auth0Payload
token: string
}
}
}
}
app.get('/api/user-info', jwtCheck, (req, res) => {
const userId = req.auth?.payload.sub
const roles = req.auth?.payload['https://myapp.com/roles'] || []
const orgId = req.auth?.payload['https://myapp.com/org_id']
res.json({ userId, roles, orgId })
})
```
### Permission Middleware
```typescript
function requirePermission(permission: string) {
return (req: Reques