
integrate auth0 in a web app express / node js

I'm trying to add Auth0 to my web app. I've followed their tutorials and other tutorials on the web, including creating the account/client and everything else, but I keep getting the usual white loading page, and after several minutes I receive this error:

ERR_EMPTY_RESPONSE

These are parts of my code:

app.js

...
var cookieParser = require('cookie-parser');
var session = require('express-session');
var passport = require('passport');
var Auth0Strategy = require('passport-auth0');
...
// Auth0 strategy for Passport. Every setting comes from the environment.
// NOTE(review): nothing here checks that the four variables are actually set;
// confirm the .env file is loaded before this code runs.
const auth0Settings = {
  domain: process.env.AUTH0_DOMAIN,
  clientID: process.env.AUTH0_CLIENT_ID,
  clientSecret: process.env.AUTH0_CLIENT_SECRET,
  callbackURL: process.env.AUTH0_CALLBACK_URL,
};

// Verify callback: passes the Auth0 profile on unchanged as the logged-in
// user. The access and refresh tokens are received here but not kept.
const acceptProfile = (accessToken, refreshToken, extraParams, profile, done) => {
  return done(null, profile);
};

const strategy = new Auth0Strategy(auth0Settings, acceptProfile);

passport.use(strategy);

// Session (de)serialization: the user object is written to the session as-is
// on login and handed back unchanged on later requests, so whatever the
// profile contains ends up in the session store.
const keepUserUnchanged = (user, done) => {
  done(null, user);
};

passport.serializeUser(keepUserUnchanged);

passport.deserializeUser(keepUserUnchanged);
...
// Session settings.
// NOTE(review): `uuid()` is not shown in this excerpt; if it returns a fresh
// random value on every start, existing session cookies stop validating after
// a restart and the secret cannot be shared between several instances.
// NOTE(review): no `cookie` options are passed, so express-session's defaults
// apply and the cookie is not marked `secure`; set `cookie.secure` once the
// app is served over HTTPS.
const sessionSettings = {
  secret: uuid(),
  resave: false,
  saveUninitialized: false,
};

// Order matters: cookies, then the session, then Passport on top of it.
app.use(cookieParser());
app.use(session(sessionSettings));
app.use(passport.initialize());
app.use(passport.session());
...
// Only GET '/' and GET '/home' are registered on the app in this excerpt.
// The '/login', '/logout' and '/callback' routes are declared on a router
// created inside routes.index (see index.js) and that router is not mounted
// here, so those paths are not reachable through these two lines.
// NOTE(review): '/home' is served without any visible authentication check;
// confirm whether it is meant to be public.
app.get('/', routes.index);
app.get('/home', routes.home);
...
// Start the server on the port configured on the app and log it once bound.
// NOTE(review): assuming `http` is Node's http module, this serves plain
// HTTP, so the session cookie and the Auth0 callback parameters travel
// unencrypted unless TLS is terminated in front of the app.
http.createServer(app).listen(app.get('port'), () => {
  console.log(`Server listening on port: ${app.get('port')}`);
});
module.exports = app;

index.js

/**
 * Render the 'home' view with its page title.
 *
 * @param {object} req - Express request (unused).
 * @param {object} res - Express response used to render the view.
 */
exports.home = (req, res) => {
  const viewData = { title: ' homepage ' };
  res.render('home', viewData);
};

/**
 * Request handler that app.js registers for GET '/'.
 *
 * NOTE(review): every call builds a new Router and attaches routes to it, but
 * nothing in this function sends a response, returns the router or mounts it.
 * The incoming request is therefore left unanswered, which is consistent with
 * the ERR_EMPTY_RESPONSE described in the question, and the '/login',
 * '/logout' and '/callback' routes below are never reachable through the app.
 * The usual shape is to build the router once at module level, export it and
 * mount it with app.use(); that needs a matching change in app.js.
 *
 * @param {object} req - Express request (not used by the outer function).
 * @param {object} res - Express response (never written to by the outer function).
 */
exports.index = function(req, res){
 // Modules are looked up and a fresh router is created on each request.
 var express = require('express');
 var passport = require('passport');
 var router = express.Router();

// Auth0 settings read from the environment; the client secret is not used here.
var env = {
  AUTH0_CLIENT_ID: process.env.AUTH0_CLIENT_ID,
  AUTH0_DOMAIN: process.env.AUTH0_DOMAIN,
  AUTH0_CALLBACK_URL: process.env.AUTH0_CALLBACK_URL 
};

// GET home page: renders the same 'home' view as exports.home.
router.get('/', function(req, res, next) {
  res.render('home', { title: ' homepage ' });
});

// Perform the login: hand the request to the 'auth0' strategy with these options.
// NOTE(review): only the 'openid' scope is requested; confirm that the
// resulting profile carries the fields the app needs.
router.get(
  '/login',
  passport.authenticate('auth0', {
    clientID: env.AUTH0_CLIENT_ID,
    domain: env.AUTH0_DOMAIN,
    redirectUri: env.AUTH0_CALLBACK_URL,
    audience: 'https://' + env.AUTH0_DOMAIN + '/userinfo',
    responseType: 'code',
    scope: 'openid'
  }),
  function(req, res) {
    res.redirect('/');
  }
);

// Perform session logout and redirect to homepage.
// NOTE(review): req.logout() only ends the local Passport login; this route
// does not end the session at Auth0. Passport 0.6 and later also expect a
// callback argument here; confirm against the installed version.
router.get('/logout', (req, res) => {
  req.logout();
  res.redirect('/');
});

// Perform the final stage of authentication and redirect to '/home'.
// A failed authentication is sent back to '/'.
// NOTE(review): req.session.returnTo is used as the redirect target and is not
// cleared afterwards; make sure it is only ever set by server code to a local
// path so it cannot be turned into an open redirect.
router.get(
  '/callback',
  passport.authenticate('auth0', {
    failureRedirect: '/'
  }),
  function(req, res) {
    res.redirect(req.session.returnTo || '/home');
  }
);
}

There are some parts that are not clear to me or that I would like to have confirmed: 1) Must the callback URL be my homepage (180.180.180.180/home) or the real first page (180.180.180.180)? Which one should be entered in the Auth0 dashboard?

2) In the router, should I also define the /login and /logout routes myself, or should these be managed directly by the Auth0 API?

Sorry for my ignorance, but I have had this problem for days and I do not understand whether it is an authorization error with the Auth0 account or something else. I have the credentials in a .env file, but they should not be the problem, as I can read other values from it to connect to my MySQL database.

According to the Auth0 documentation, the callback URL is not necessarily the same URL to which you want users redirected after authentication.

The redirect_uri field is used as the callback URL. Auth0 invokes the callback URL after the authentication process; it is where your application gets routed.

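You can redirect the user to a non-callback URL after authentication by storing that URL in web storage beforehand. The flow is: app.get(/login) > authenticated > landing page > store the access tokens. So after authentication the user should end up logged in on your landing page (home). (In the Passport setup shown in the question, the return URL is read from req.session.returnTo and the tokens arrive in the server-side verify callback, so neither has to be kept in browser storage.)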

In app.get(/logout), you can clear the access tokens, or keep them available for a desired time and let them expire afterwards.
