auth0

Auth0 Express

Author: Auth0 · GitHub · v1.0.0 · MIT-0
cross-platform ✓ Security check passed
Total downloads: 90 · Favorites: 0 · Current installs: 0 · Versions: 1
Install in OpenClaw
/install auth0-express
Description
Use when adding authentication (login, logout, protected routes) to Express.js web applications - integrates express-openid-connect for session-based auth.
Usage Instructions (SKILL.md)

Auth0 Express Integration

Add authentication to Express.js web applications using express-openid-connect.


Prerequisites

  • Express.js application
  • Auth0 account and application configured
  • If you don't have Auth0 set up yet, use the auth0-quickstart skill first

When NOT to Use

  • Single Page Applications - Use auth0-react, auth0-vue, or auth0-angular for client-side auth
  • Next.js applications - Use auth0-nextjs skill which handles both client and server
  • Mobile applications - Use auth0-react-native for React Native/Expo
  • Stateless APIs - Use JWT validation middleware instead of session-based auth
  • Microservices - Use JWT validation for service-to-service auth

Quick Start Workflow

1. Install SDK

npm install express-openid-connect dotenv

2. Configure Environment

For automated setup with Auth0 CLI, see Setup Guide for complete scripts.

For manual setup:

Create .env:

SECRET=<openssl-rand-hex-32>
BASE_URL=http://localhost:3000
CLIENT_ID=your-client-id
CLIENT_SECRET=your-client-secret
ISSUER_BASE_URL=https://your-tenant.auth0.com

Generate secret: openssl rand -hex 32

3. Configure Auth Middleware

Update your Express app (app.js or index.js):

require('dotenv').config();
const express = require('express');
const { auth, requiresAuth } = require('express-openid-connect');

const app = express();

// Configure Auth0 middleware
app.use(auth({
  authRequired: false,  // Don't require auth for all routes
  auth0Logout: true,    // Enable logout endpoint
  secret: process.env.SECRET,
  baseURL: process.env.BASE_URL,
  clientID: process.env.CLIENT_ID,
  issuerBaseURL: process.env.ISSUER_BASE_URL,
  clientSecret: process.env.CLIENT_SECRET
}));

app.listen(3000, () => {
  console.log('Server running on http://localhost:3000');
});

This automatically creates:

  • /login - Login endpoint
  • /logout - Logout endpoint
  • /callback - OAuth callback

4. Add Routes

// Public route
app.get('/', (req, res) => {
  res.send(req.oidc.isAuthenticated() ? 'Logged in' : 'Logged out');
});

// Protected route
app.get('/profile', requiresAuth(), (req, res) => {
  res.send(`
    <h1>Profile</h1>
    <p>Name: ${req.oidc.user.name}</p>
    <p>Email: ${req.oidc.user.email}</p>
    <pre>${JSON.stringify(req.oidc.user, null, 2)}</pre>
    <a href="/logout">Logout</a>
  `);
});

// Login/logout links
// Alternative to the public route above: register only one handler for '/',
// because Express stops at the first handler that sends a response.
app.get('/', (req, res) => {
  res.send(`
    ${req.oidc.isAuthenticated() ? `
      <p>Welcome, ${req.oidc.user.name}!</p>
      <a href="/profile">Profile</a>
      <a href="/logout">Logout</a>
    ` : `
      <a href="/login">Login</a>
    `}
  `);
});

5. Test Authentication

Start your server:

node app.js

Visit http://localhost:3000 and test the login flow.


Detailed Documentation

  • Setup Guide - Automated setup scripts, environment configuration, Auth0 CLI usage
  • Integration Guide - Protected routes, sessions, API integration, error handling
  • API Reference - Complete middleware API, configuration options, request properties

Common Mistakes

Mistake | Fix
Forgot to add callback URL in Auth0 Dashboard | Add /callback path to Allowed Callback URLs (e.g., http://localhost:3000/callback)
Missing or weak SECRET | Generate secure secret with openssl rand -hex 32 and store in .env as SECRET
Setting authRequired: true globally | Set to false and use requiresAuth() middleware on specific routes
App created as SPA type in Auth0 | Must be Regular Web Application type for server-side auth
Session secret exposed in code | Always use environment variables, never hardcode secrets
Wrong baseURL for production | Update BASE_URL to match your production domain
Not handling logout returnTo | Add your domain to Allowed Logout URLs in Auth0 Dashboard
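
Several of these mistakes (missing or weak SECRET, placeholder values left in .env, a localhost BASE_URL in production) can be caught at startup before auth() is configured. The check below is an added example, not part of the original SKILL.md or of express-openid-connect; validateAuthEnv, the placeholder pattern and the 32-character and 8-distinct-character thresholds are assumptions of this example.

```javascript
// Added example: startup validation of the .env values from step 2.
const REQUIRED = ['SECRET', 'BASE_URL', 'CLIENT_ID', 'CLIENT_SECRET', 'ISSUER_BASE_URL'];
// Assumption: template values look like "your-..." or "<...>", as in the .env in step 2.
const PLACEHOLDER = /your-|^<.*>$/i;

function validateAuthEnv(env, { production = false } = {}) {
  const problems = [];
  for (const key of REQUIRED) {
    if (!env[key]) problems.push(`${key} is missing`);
    else if (PLACEHOLDER.test(env[key])) problems.push(`${key} still holds a placeholder`);
  }
  // Session secret: openssl rand -hex 32 yields 64 hex characters.
  const secret = env.SECRET || '';
  if (secret && !PLACEHOLDER.test(secret)) {
    if (secret.length < 32) problems.push('SECRET is shorter than 32 characters');
    if (new Set(secret).size < 8) problems.push('SECRET has too few distinct characters');
  }
  for (const key of ['BASE_URL', 'ISSUER_BASE_URL']) {
    if (!env[key] || PLACEHOLDER.test(env[key])) continue;
    let url;
    try {
      url = new URL(env[key]);
    } catch {
      problems.push(`${key} is not a valid URL`);
      continue;
    }
    const local = ['localhost', '127.0.0.1'].includes(url.hostname);
    if (key === 'ISSUER_BASE_URL' && url.protocol !== 'https:') {
      problems.push('ISSUER_BASE_URL must use https');
    }
    if (key === 'BASE_URL' && production && (local || url.protocol !== 'https:')) {
      problems.push('BASE_URL must be the https production origin, not localhost');
    }
  }
  return problems;
}

// Constructed sample: the unedited template from step 2.
const TEMPLATE_ENV = {
  SECRET: '<openssl-rand-hex-32>',
  BASE_URL: 'http://localhost:3000',
  CLIENT_ID: 'your-client-id',
  CLIENT_SECRET: 'your-client-secret',
  ISSUER_BASE_URL: 'https://your-tenant.auth0.com',
};
console.log(validateAuthEnv(TEMPLATE_ENV)); // four placeholder findings
```

In an app, call validateAuthEnv(process.env, { production: process.env.NODE_ENV === 'production' }) after require('dotenv').config() and refuse to start if the returned list is not empty.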

Related Skills

  • auth0-quickstart - Basic Auth0 setup
  • auth0-migration - Migrate from another auth provider
  • auth0-mfa - Add Multi-Factor Authentication

Quick Reference

Middleware Options:

  • authRequired - Require auth for all routes (default: false)
  • auth0Logout - Enable /logout endpoint (default: false)
  • secret - Session secret (required)
  • baseURL - Application URL (required)
  • clientID - Auth0 client ID (required)
  • issuerBaseURL - Auth0 tenant URL (required)

Request Properties:

  • req.oidc.isAuthenticated() - Check if user is logged in
  • req.oidc.user - User profile object
  • req.oidc.accessToken - Access token for API calls
  • req.oidc.idToken - ID token
  • req.oidc.refreshToken - Refresh token

Common Use Cases:

  • Protected routes → Use requiresAuth() middleware (see Step 4)
  • Check auth status → req.oidc.isAuthenticated()
  • Get user info → req.oidc.user
  • Call APIs → Integration Guide


Security Recommendations
This skill appears coherent for adding Auth0 session-based auth to an Express app. Before running the automated setup: 1) Inspect the install commands (especially the curl | sh install path) instead of piping blindly. 2) Confirm any prompt that will append to a .env or .env.local file and ensure that file is in .gitignore. 3) Never paste your CLIENT_SECRET or other secrets into public places; replace the placeholder in the env file with the real secret locally. If you prefer more control, skip the automated script and run the manual steps (npm install, create .env, configure middleware) yourself.
Functional Analysis
Type: OpenClaw Skill
Name: auth0-express
Version: 1.0.0
The skill bundle provides legitimate documentation and automation for integrating Auth0 authentication into Express.js applications. It includes security-conscious instructions in references/setup.md that explicitly forbid the AI agent from reading existing environment files to prevent secret leakage into the LLM context and mandate user confirmation before modifying files. The automated setup script uses the official Auth0 CLI (auth0/auth0-cli) and follows standard development practices.
Capability Tags
requires-oauth-token, requires-sensitive-credentials
Capability Assessment
Purpose & Capability
Name/description (Auth0 + Express) match the content: installing express-openid-connect, configuring middleware, and creating protected routes are exactly what the skill documents. The optional use of the Auth0 CLI and generating a session secret are appropriate for the stated goal.
Instruction Scope
The runtime instructions include automated steps that check for and append credentials to local env files (.env or .env.local). The docs explicitly instruct the agent not to read env file contents and require explicit user confirmation before writing — that limits exfiltration risk, but the skill does instruct file modification which users should be aware of. The rest of the guidance (installing npm packages, middleware configuration, usage examples) stays within the expected scope.
Install Mechanism
The skill is instruction-only (no packaged install). The provided automated setup script may install the Auth0 CLI; it falls back to either Homebrew (macOS) or piping an install script from raw.githubusercontent.com. Using an install script piped to sh is common but higher-risk than a packaged/verified installer — it's acceptable here given the official Auth0 repo is referenced, but users should inspect the script before running.
Credentials
The skill metadata requests no environment variables or credentials. The instructions ask the developer to create local secrets (SECRET, CLIENT_SECRET, CLIENT_ID, ISSUER_BASE_URL) which are necessary for any server-side Auth0 integration; these are reasonable and proportionate. The skill does not demand unrelated credentials.
Persistence & Privilege
The skill is not force-installed (always: false) and does not modify other skills or global agent settings. It will append to a local .env/.env.local file only after explicit user confirmation per its own instructions.
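How to Use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the dialog: /install auth0-express
  3. After installation, invoke the Skill by name or trigger it with /auth0-express
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version History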
v1.0.0
- Initial release of auth0-express skill for adding authentication to Express.js apps using express-openid-connect.
- Provides step-by-step setup for login, logout, and protected routes with session-based authentication.
- Includes troubleshooting tips, common mistakes and fixes, and links to further documentation.
- Highlights when to use (or not use) this integration and lists related skills for different frameworks and use cases.
Metadata
Slug: auth0-express
Version: 1.0.0
License: MIT-0
Total installs: 0
Current installs: 0
Number of versions: 1
FAQ

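What is Auth0 Express?

Use when adding authentication (login, logout, protected routes) to Express.js web applications - integrates express-openid-connect for session-based auth. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 90 total downloads to date.

How do I install Auth0 Express?

Run the command "/install auth0-express" in the OpenClaw or Claude Code dialog to install it in one step; no additional configuration is required.

Is Auth0 Express free?

Yes. Auth0 Express is completely free and released under the MIT-0 license; it can be freely downloaded, installed, and used.

Which platforms does Auth0 Express support?

Auth0 Express is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who develops Auth0 Express?

It is developed and maintained by Auth0 (@auth0); the current version is v1.0.0.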
