
TypeError: access_token not present in TokenSet


I am trying to create a blog site for which I have set up authentication using Auth0, with Express as my backend. For the client side I am using React. To get the info about the logged-in user I need to send the req.oidc.fetchUserInfo() object via the API.

By some research I have gotten to this point:

var app = express();
const { auth } = require("express-openid-connect");

...

app.use(
    auth({
        issuerBaseURL: process.env.AUTH0_ISSUER_BASE_URL,
        baseURL: process.env.BASE_URL,
        clientID: process.env.AUTH0_CLIENT_ID,
        secret: process.env.SESSION_SECRET,
        authRequired: false,
        auth0Logout: true,
    })
)

app.use((req,res,next) => {
    res.locals.isAuthenticated = req.oidc.isAuthenticated();
    next();
})


const asyncMiddleware = fn =>
  (req, res, next) => {
    Promise.resolve(fn(req, res, next))
      .catch(next);
  };


app.get('/user-info', asyncMiddleware(async (req, res) => {

    const userInfo = await req.oidc.fetchUserInfo();
    res.json(userInfo);
}))

...

However, when I go to the address localhost:5000/user-info I run into an error:

GET /user-info 500 859.666 ms - 736
TypeError: access_token not present in TokenSet
    at Client.requestResource (/mnt/ALPHA/Projects/rajusite/server/node_modules/openid-client/lib/client.js:1022:15)
    at Client.userinfo (/mnt/ALPHA/Projects/rajusite/server/node_modules/openid-client/lib/client.js:1121:33)
    at RequestContext.fetchUserInfo (/mnt/ALPHA/Projects/rajusite/server/node_modules/express-openid-connect/lib/context.js:153:19)
    at processTicksAndRejections (internal/process/task_queues.js:97:5)
    at async /mnt/ALPHA/Projects/rajusite/server/routes.js:111:22

I do realise this is regarding missing tokens which won't let me get the user's information.

I have checked "Getting access token for Auth0 with Express", but it's already enabled.


Solution

  • You need to specify what scopes (like "openid email profile...") you want to have access to and in your code I don't see that. If you don't ask for any access, then you won't get any access tokens.

    See the code example here
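
An added example (not part of the original question or answer): an `auth()` options builder that sets the scopes the answer mentions explicitly and, on the assumption that the login returned only an ID token, requests the authorization code flow, plus a `/user-info` handler that checks for an access token before calling `fetchUserInfo()`. `buildAuthConfig`, `userInfoHandler` and the `AUTH0_CLIENT_SECRET` variable name are hypothetical; `authorizationParams`, `clientSecret`, `req.oidc.accessToken` and `req.oidc.user` are express-openid-connect names.

```javascript
// Added example. Helper names and AUTH0_CLIENT_SECRET are assumptions, not from the post.

// Build the options object passed to auth() from express-openid-connect.
function buildAuthConfig(env) {
  const required = [
    "AUTH0_ISSUER_BASE_URL", "BASE_URL", "AUTH0_CLIENT_ID",
    "AUTH0_CLIENT_SECRET", "SESSION_SECRET",
  ];
  // Fail at startup rather than at the first login if a setting is absent.
  const missing = required.filter((name) => !env[name]);
  if (missing.length > 0) {
    throw new Error("missing environment variables: " + missing.join(", "));
  }
  return {
    issuerBaseURL: env.AUTH0_ISSUER_BASE_URL,
    baseURL: env.BASE_URL,
    clientID: env.AUTH0_CLIENT_ID,
    clientSecret: env.AUTH0_CLIENT_SECRET, // used for the server-side code exchange
    secret: env.SESSION_SECRET,
    authRequired: false,
    auth0Logout: true,
    authorizationParams: {
      response_type: "code",         // code flow: the token response carries an access_token
      scope: "openid profile email", // scopes named in the answer
    },
  };
}

// Route handler: return user claims only, never the tokens themselves.
async function userInfoHandler(req, res) {
  if (!req.oidc.isAuthenticated()) {
    return res.status(401).json({ error: "login_required" });
  }
  if (!req.oidc.accessToken) {
    // Session holds no access token: fall back to the ID token claims
    // instead of letting fetchUserInfo() throw the TypeError from the question.
    return res.json(req.oidc.user);
  }
  return res.json(await req.oidc.fetchUserInfo());
}

// Wiring in the question's app (requires express and express-openid-connect):
//   app.use(auth(buildAuthConfig(process.env)));
//   app.get("/user-info", asyncMiddleware(userInfoHandler));
```

Sessions created before the configuration change still hold no access token, so the user has to log in again before `fetchUserInfo()` is reached.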