← Back to Skills Marketplace
auth0

Auth0 Nuxt

by Auth0 · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ Security Clean
74
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install auth0-nuxt
Description
Use when implementing Auth0 authentication in Nuxt 3/4 applications, configuring session management, protecting routes with middleware, or integrating API ac...
README (SKILL.md)

Auth0 Nuxt SDK

Overview

Server-side session authentication for Nuxt 3/4. NOT the same as @auth0/auth0-vue (client-side SPA).

Core principle: Uses server-side encrypted cookie sessions, not client-side tokens.

When to Use

Use this when:

  • Building Nuxt 3/4 applications with server-side rendering (Node.js 20 LTS+)
  • Need secure session management with encrypted cookies
  • Protecting server routes and API endpoints
  • Accessing Auth0 Management API or custom APIs

Don't use this when:

  • Using Nuxt 2 (not supported - use different Auth0 SDK)
  • Building pure client-side SPA without server (use @auth0/auth0-vue instead)
  • Using non-Auth0 authentication provider
  • Static site generation only (SSG) without server runtime

Critical Mistakes to Avoid

Mistake Solution
Installing @auth0/auth0-vue or @auth0/auth0-spa-js Use @auth0/auth0-nuxt
Auth0 app type "Single Page Application" Use "Regular Web Application"
Env vars: VITE_AUTH0_* or VUE_APP_AUTH0_* Use NUXT_AUTH0_* prefix
Using useUser() for security checks Use useAuth0(event).getSession() server-side
Missing callback URLs in Auth0 Dashboard Add http://localhost:3000/auth/callback
Weak/missing session secret Generate: openssl rand -hex 64

Quick Setup

# 1. Install
npm install @auth0/auth0-nuxt

# 2. Generate secret
openssl rand -hex 64

# 3. .env
NUXT_AUTH0_DOMAIN=your-tenant.auth0.com
NUXT_AUTH0_CLIENT_ID=your-client-id
NUXT_AUTH0_CLIENT_SECRET=your-client-secret
NUXT_AUTH0_SESSION_SECRET=\x3Cfrom-openssl>
NUXT_AUTH0_APP_BASE_URL=http://localhost:3000
NUXT_AUTH0_AUDIENCE=https://your-api  # optional

// 4. nuxt.config.ts
export default defineNuxtConfig({
  modules: ['@auth0/auth0-nuxt'],
  runtimeConfig: {
    auth0: {
      domain: '',
      clientId: '',
      clientSecret: '',
      sessionSecret: '',
      appBaseUrl: 'http://localhost:3000',
      audience: '',  // optional
    },
  },
})

Built-in Routes

The SDK automatically mounts these routes:

Route Method Purpose
/auth/login GET Initiates login flow. Supports ?returnTo=/path parameter
/auth/callback GET Handles Auth0 callback after login
/auth/logout GET Logs user out and redirects to Auth0 logout
/auth/backchannel-logout POST Receives logout tokens for back-channel logout

Customize: Pass routes: { login, callback, logout, backchannelLogout } or mountRoutes: false to module config.

Composables

Composable Context Usage
useAuth0(event) Server-side Access getUser(), getSession(), getAccessToken(), logout()
useUser() Client-side Display user data only. Never use for security checks 
// Server example
const auth0 = useAuth0(event);
const session = await auth0.getSession();

\x3Cscript setup>
const user = useUser();
\x3C/script>

\x3Ctemplate>
  \x3Cdiv v-if="user">Welcome {{ user.name }}\x3C/div>
\x3Ctemplate>

Protecting Routes

Three layers: Route middleware (client), server middleware (SSR), API guards.

// middleware/auth.ts - Client navigation
export default defineNuxtRouteMiddleware((to) => {
  if (!useUser().value) return navigateTo(`/auth/login?returnTo=${encodeURIComponent(to.path)}`);
});

// server/middleware/auth.server.ts - SSR protection
export default defineEventHandler(async (event) => {
  const url = getRequestURL(event);
  const auth0Client = useAuth0(event);
  const session = await auth0Client.getSession();
  if (!session)  {
    return sendRedirect(event, `/auth/login?returnTo=${encodeURIComponent(url.pathname)}`);
  }
});

// server/api/protected.ts - API endpoint protection
export default defineEventHandler(async (event) => {
  const auth0Client = useAuth0(event);
  const session = await auth0Client.getSession();

  if (!session) {
    throw createError({
      statusCode: 401,
      statusMessage: 'Unauthorized'
    });
  }

  return { data: 'protected data' };
});

For role-based, permission-based, and advanced patterns: route-protection.md

Session Management

Stateless (Default)

Uses encrypted, chunked cookies. No configuration needed.

Stateful (Redis, MongoDB, etc.)

For larger sessions or distributed systems:

// nuxt.config.ts
modules: [
  ['@auth0/auth0-nuxt', {
    sessionStoreFactoryPath: '~/server/utils/session-store-factory.ts'
  }]
]

For complete session store implementations, see: session-stores.md

API Integration

Configure audience for API access tokens:

// nuxt.config.ts
runtimeConfig: {
  auth0: {
    audience: 'https://your-api-identifier',
  }
}

Retrieve tokens server-side:

// server/api/call-api.ts
export default defineEventHandler(async (event) => {
  const auth0Client = useAuth0(event);
  const { accessToken } = await auth0Client.getAccessToken();

  return await $fetch('https://api.example.com/data', {
    headers: {
      Authorization: `Bearer ${accessToken}`
    }
  });
});

Security Checklist

  • ✅ Server-side validation only (never trust useUser())
  • ✅ HTTPS in production
  • ✅ Strong session secret (openssl rand -hex 64)
  • ✅ Never commit .env files
  • ✅ Stateful sessions for PII/large data

Troubleshooting

Error Solution
"Module not found" Install @auth0/auth0-nuxt, not @auth0/auth0-vue
"Missing domain/clientId/clientSecret" Check NUXT_AUTH0_ prefix, .env location, runtimeConfig
"Redirect URI mismatch" Match Auth0 Dashboard callback to appBaseUrl + /auth/callback
"useAuth0 is not defined" Use only in server context with H3 event object
Cookies too large Use stateful sessions or reduce scopes

Additional Resources

Guides: Route Protection PatternsCustom Session StoresCommon Examples

Links: Auth0-Nuxt GitHubAuth0 DocsNuxt Modules

Usage Guidance
This appears to be official guidance for integrating Auth0 with Nuxt and is internally consistent. Before using: 1) Be prepared to provide the Auth0 credentials and a strong session secret — these are sensitive and must not be committed to source control. 2) Note the registry metadata does not declare required env vars; verify you understand and securely store the NUXT_AUTH0_* values and any DB/Redis credentials used for stateful session stores. 3) Install @auth0/auth0-nuxt from the official npm package and review its package and release provenance yourself. 4) For production, enforce HTTPS, correct callback URLs, and restrict database/Redis access. 5) If you need higher assurance, confirm the skill's source repo and package versions match Auth0's official releases or request the publisher to update registry metadata to list the required env vars.
Capability Analysis
Type: OpenClaw Skill Name: auth0-nuxt Version: 1.0.0 The skill bundle provides comprehensive and secure documentation for integrating the official @auth0/auth0-nuxt SDK into Nuxt 3/4 applications. It correctly emphasizes server-side session validation over client-side checks, provides parameterized SQL queries for custom session stores (references/session-stores.md), and includes clear security checklists to prevent common misconfigurations like committing secrets or using weak session keys.
Capability Tags
requires-oauth-tokenrequires-sensitive-credentials
Capability Assessment
Purpose & Capability
The name/description match the SKILL.md and reference files: they provide step-by-step setup, middleware patterns, session-store examples, and security guidance for @auth0/auth0-nuxt. All binaries, packages, and APIs referenced (npm package, openssl, Auth0 endpoints, Redis/Mongo/Postgres drivers) are coherent with implementing Auth0 in Nuxt.
Instruction Scope
The runtime instructions are focused on configuring Auth0 with Nuxt (install package, set runtimeConfig/.env, add middleware, optional session store implementations). They do call external services (Auth0, example APIs) as expected for an auth integration and include patterns for protecting routes. There is no instruction to read unrelated host files or exfiltrate data.
Install Mechanism
This is an instruction-only skill with no install spec and no code files executed by the skill itself. That minimizes install-time risk. The SKILL.md tells the developer to npm install @auth0/auth0-nuxt locally, which is standard for this purpose.
Credentials
The documentation expects several sensitive environment variables (NUXT_AUTH0_DOMAIN, NUXT_AUTH0_CLIENT_ID, NUXT_AUTH0_CLIENT_SECRET, NUXT_AUTH0_SESSION_SECRET and optional DB/Redis creds) which are appropriate for an Auth0 integration. However, the registry metadata lists no required env vars or primary credential — that omission reduces transparency and should be corrected so users understand which secrets must be provided.
Persistence & Privilege
No elevated persistence or privileged flags are set (always:false). The skill does not request modifying other skills or system-wide agent settings. It is user-invocable and allowed to be invoked autonomously by default, which is normal for skills and not by itself a concern.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install auth0-nuxt
  3. After installation, invoke the skill by name or use /auth0-nuxt
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
auth0-nuxt 1.0.0 - Initial Release - Introduces server-side authentication for Nuxt 3/4 using encrypted cookie sessions. - Provides quick setup steps, best practices, and critical pitfalls to avoid. - Automatically mounts authentication routes: login, callback, logout, and backchannel-logout. - Exposes composables (`useAuth0`, `useUser`) for server and client use. - Details secure approaches to protecting routes and APIs with middleware. - Includes guides for session management (stateless/stateful) and API integration.
Metadata
Slug auth0-nuxt
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Auth0 Nuxt?

Use when implementing Auth0 authentication in Nuxt 3/4 applications, configuring session management, protecting routes with middleware, or integrating API ac... It is an AI Agent Skill for Claude Code / OpenClaw, with 74 downloads so far.

How do I install Auth0 Nuxt?

Run "/install auth0-nuxt" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Auth0 Nuxt free?

Yes, Auth0 Nuxt is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Auth0 Nuxt support?

Auth0 Nuxt is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Auth0 Nuxt?

It is built and maintained by Auth0 (@auth0); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments