{"id":15284473,"url":"https://github.com/decodedco/express-auth0-simple","last_synced_at":"2026-02-03T10:01:08.235Z","repository":{"id":11769038,"uuid":"60845876","full_name":"DecodedCo/express-auth0-simple","owner":"DecodedCo","description":"Simple authentication middleware for integrating Auth0 with Express-based applications.","archived":false,"fork":false,"pushed_at":"2017-10-24T16:32:01.000Z","size":70,"stargazers_count":3,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-09-01T04:35:35.003Z","etag":null,"topics":["auth0","authentication-middleware","express-middleware","middleware","nodejs","simple"],"latest_commit_sha":null,"homepage":"https://www.npmjs.com/package/express-auth0-simple","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/DecodedCo.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-06-10T12:23:55.000Z","updated_at":"2019-01-23T16:24:44.000Z","dependencies_parsed_at":"2022-08-28T06:23:17.455Z","dependency_job_id":null,"html_url":"https://github.com/DecodedCo/express-auth0-simple","commit_stats":null,"previous_names":[],"tags_count":12,"template":false,"template_full_name":null,"purl":"pkg:github/DecodedCo/express-auth0-simple","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DecodedCo%2Fexpress-auth0-simple","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DecodedCo%2Fexpress-auth0-simple/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DecodedCo%2Fexpress-auth0-simple/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/Git
Hub/repositories/DecodedCo%2Fexpress-auth0-simple/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/DecodedCo","download_url":"https://codeload.github.com/DecodedCo/express-auth0-simple/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DecodedCo%2Fexpress-auth0-simple/sbom","scorecard":{"id":38840,"data":{"date":"2025-08-11","repo":{"name":"github.com/DecodedCo/express-auth0-simple","commit":"c30528a48216ed2e94369b4b86dea5b154be6f03"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.1,"checks":[{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Code-Review","score":4,"reason":"Found 4/10 approved changesets -- score normalized to 4","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least 
privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security 
policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Mozilla Public License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 28 are 
checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-14T20:56:20.198Z","repository_id":11769038,"created_at":"2025-08-14T20:56:20.199Z","updated_at":"2025-08-14T20:56:20.199Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29040721,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-03T09:57:37.951Z","status":"ssl_error","status_checked_at":"2026-02-03T09:55:14.920Z","response_time":96,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["auth0","authentication-middleware","express-middleware","middleware","nodejs","simple"],"created_at":"2024-09-30T14:57:08.115Z","updated_at":"2026-02-03T10:01:08.217Z","avatar_url":"https://github.com/DecodedCo.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# express-auth0-simple\nSimple authentication middleware for integrating Auth0 with Express-based applications.\n\n## About\nThis NodeJS package abstracts away the boilerplate code needed to integrate a NodeJS web application with the oauth authentication provider [Auth0](https://auth0.com/).\nThe code is based on Auth0's own setup guide and should work fine with any application using versions of the Express framework in the **4.x.x** version 
range.\n\n## Setup\nHere is a quickstart guide on how to set up this middleware.\n\n### Install Package\n\nRun this command within an existing node project with a `package.json` file to install the package as a dependency of your project.\n\n```sh\nnpm install --save express-auth0-simple\n```\n\n\u003e **Pro Tip:** Omit the `--save` option if you just want to install the package without adding it as a dependency.\n\nOr alternatively, add this line to the `dependencies` section of your `package.json` file:\n\n```json\n\"express-auth0-simple\": \"^3.0.0\"\n```\n\n### Use Package\n\nHaving installed the package and/or added it as a dependency to your project, you'll now need to add the following lines to the main file of your app:\n\n```js\n// You'll probably want to require() other dependencies like express first, above this line...\n\nvar expressAuth0Simple = require('express-auth0-simple'); // Import the middleware library\n\n// initialise an instance of decoded auth\nvar auth = new expressAuth0Simple(app); // Pass in your express app instance here\n```\n\nUse the `requiresLogin` middleware method of your auth instance whenever you have one or more URL routes you want to be protected behind Auth0 authentication. Attempting to access any of the routes using this middleware will redirect the user to Auth0 to log in first before allowing them to continue:\n\n```js\n// Any URL route defined after this point will require authentication\napp.use(auth.requiresLogin);\n```\n\nOR:\n\n```js\n// Here it is used as a per-route middleware to protect only this URL route\napp.get('/my-fab-route', auth.requiresLogin, function(req,res) {\n  res.send('My route rocks! 🐸 💜');\n})\n```\n\n## Configuration\n\n### Environment Variables\n\nSo that your app can authenticate with Auth0, you'll need to provide your Auth0 account credentials. You need to provide your **Auth0 Client ID**, your **Auth0 Client Secret** and your **Auth0 Domain**. 
These values differ from app to app and you can find the values for your app in its settings page in the dashboard.\n\nThe easiest secure way of supplying these credentials to your app is via environment variables and this package will do that by default. Make sure the following environment variables have been set and are accessible to the process running the app:\n\n```sh\nexport AUTH0_CLIENT_ID='your_client_id';\nexport AUTH0_CLIENT_SECRET='your_client_secret';\nexport AUTH0_DOMAIN='companyltd.eu.auth0.com';\n```\n\nYou can also set these values via the options argument when initialising the middleware, but if you are doing this, it is _highly recommended_ that these are not stored in source code.\n\n### Options Object\n\nWhen initialising the middleware, you can optionally provide a second argument to the `expressAuth0Simple()` constructor - this should be an object. This can include options that override some configuration parameters of the middleware.\n\nThe options are:\n\n| Key                      | Type                               | Default Value    | Description                                                                                                                                                                  |\n| ------------------------ | ---------------------------------- | ---------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |\n| `auth0`                  | **Object**                         |                  | Defines options that are passed directly into `passport-auth0`, these are described below                                                                                    |\n| `auth0.domain`           | **String**                         |                  | The domain configured in your Auth0 Dashboard (Normally in the format `\u003cdomain\u003e.\u003cregion\u003e.auth0.com`)                  
                                                       |\n| `auth0.clientID`         | **String**                         |                  | Client ID as shown in your Auth0 Dashboard                                                                                                                                   |\n| `auth0.clientSecret`     | **String**                         |                  | Client Secret as shown in your Auth0 Dashboard                                                                                                                               |\n| `auth0.callbackURL`      | **String**                         | `/auth/callback` | URL that your application uses to receive the OAuth callback from Auth0. This library will create an express route at that URL for you (Must match value in Auth0 Dashboard) |\n| `cookieSecret`           | **String** OR **Array of Strings** | _random UUID_    | See https://github.com/expressjs/session#secret for more info (This is set to a random UUID by default and should normally not need changing)                                |\n| `successRedirect`        | **String**                         | `/`              | A URL to redirect to on successful Authentication                                                                                                                            |\n| `failureRedirect`        | **String**                         | `/auth/failed`   | A URL to redirect to on failed Authentication                                                                                                                                |\n| `serializeUser`          | **Function**                       | `null`           | A function to use for serialising users (see [passportjs documentation](http://passportjs.org/docs/configure))                                                               |\n| `deserializeUser`        | **Function**                       | `null`           | A function to use for 
deserialising users (see [passportjs documentation](http://passportjs.org/docs/configure))                                                             |\n| `useDefaultFailureRoute` | **Boolean**                        | `true`           | Whether the library should automatically provide a failure route handler or not                                                                                              |\n\nShown here is a full options object with every key populated, but note that each key is optional and will take the default for that argument if not given (many of the default values are recommended over the values provided below, which are just for demonstration).\n\n```js\nvar options = {\n  auth0: {\n    domain: 'yourdomain.eu.auth0.com',\n    clientID: 'client_id_super_secret',\n    clientSecret: 'client_secret_super_super_secret!',\n    callbackURL: '/callback'\n  },\n  cookieSecret: 'cookiesRkuhl',\n  successRedirect: '/',\n  failureRedirect: '/auth-fail',\n  useDefaultFailureRoute: true\n}\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdecodedco%2Fexpress-auth0-simple","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdecodedco%2Fexpress-auth0-simple","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdecodedco%2Fexpress-auth0-simple/lists"}