Express Quickstart

Use this guide to add ThunderID authentication to an Express app with sign-in, sign-out, and route protection.

What You Will Learn
  • Create a new Express app
  • Install the @thunderid/express package
  • Add working sign-in and sign-out routes
  • Protect routes and access the signed-in user
Prerequisites
  • About 15 minutes
  • Node.js installed on your system
  • npm, yarn, or pnpm
  • Your preferred code editor

Step 1: Run ThunderID

Start a local ThunderID instance. Pick the method that works best for you:

$ npx thunderid

Requires Node.js 18+

Once it's running, the console is available at https://localhost:8090.

Step 2: Create an Application

Open the Console at https://localhost:8090/console, navigate to Applications, and click Add Application:

  1. Under Technology, select Express.
  2. Enter a name (e.g. My Express App) and create the application. The rest of the settings can stay at their defaults.
  3. Copy both the Client ID and Client Secret from the window that pops up. The Client ID can also be found in the General tab.
  4. Under General, add http://localhost:3000/login to the list of Authorized Redirect URIs.

Step 3: Create an Express App

Create your new Node.js application:

mkdir my-express-app
cd my-express-app
npm init -y
npm install express cookie-parser

Step 4: Install the SDK and Dependencies

Install the ThunderID Express SDK:

npm install @thunderid/express

Step 5: Add Authentication Middleware and Routes

Create an index.js file with ThunderID middleware and auth routes:

index.js
const express = require('express');
const cookieParser = require('cookie-parser');
const {thunderID, handleSignIn, handleSignOut, protect} = require('@thunderid/express');

const app = express();
const port = 3000;

app.use(cookieParser());
app.use(express.json());

// Register the ThunderID middleware with the application's credentials.
app.use(
  thunderID({
    baseUrl: 'https://localhost:8090',
    clientId: '<your-client-id>',
    clientSecret: '<your-client-secret>',
    afterSignInUrl: 'http://localhost:3000/login',
    afterSignOutUrl: 'http://localhost:3000/logout',
  }),
);

app.get('/', (_req, res) => {
  res.send('<a href="/protected">Go to protected page</a>');
});

// Sign-in and sign-out routes handled by the SDK.
app.get('/login', handleSignIn());
app.get('/logout', handleSignOut());

// Protected route: the callback passed to protect() redirects to /login.
app.get(
  '/protected',
  protect((res) => res.redirect('/login')),
  (_req, res) => {
    res.send('You are signed in and can access this protected route.');
  },
);

// Protected route that returns the signed-in user's profile as JSON.
app.get('/me', protect(), async (req, res) => {
  const user = await req.thunderIDAuth.getUserFromRequest(req);
  res.json(user);
});

app.listen(port, () => {
  console.log(`Server running on http://localhost:${port}`);
});

Configuration

Replace <your-client-id> and <your-client-secret> with values from your ThunderID application. Make sure the authorized redirect URL in your application settings is set to http://localhost:3000/login.
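
To keep the Client Secret out of index.js and out of version control, the options object can be built from environment variables and checked at startup. This is an added example, not part of the ThunderID SDK or its documentation; the variable names (THUNDERID_*, APP_*) and the helper functions are assumptions.

```javascript
// Added example: builds the options object passed to thunderID({...}) from
// environment variables. Variable and function names are assumptions.
const PLACEHOLDER = /^<.*>$/; // an unedited value such as <your-client-secret>

function requireVar(env, name) {
  const value = (env[name] || '').trim();
  if (!value || PLACEHOLDER.test(value)) {
    throw new Error(`${name} is missing or still a placeholder`);
  }
  return value;
}

function checkUrl(name, value, {allowLocalHttp}) {
  let url;
  try {
    url = new URL(value);
  } catch {
    throw new Error(`${name} is not a valid URL: ${value}`);
  }
  // Plain http is accepted only for local development redirect targets.
  const isLocal = ['localhost', '127.0.0.1'].includes(url.hostname);
  const httpOk = allowLocalHttp && isLocal && url.protocol === 'http:';
  if (url.protocol !== 'https:' && !httpOk) {
    throw new Error(`${name} must use https (plain http only for localhost)`);
  }
  return value;
}

function loadThunderIDConfig(env = process.env) {
  const url = (name, opts) => checkUrl(name, requireVar(env, name), opts);
  return {
    baseUrl: url('THUNDERID_BASE_URL', {allowLocalHttp: false}),
    clientId: requireVar(env, 'THUNDERID_CLIENT_ID'),
    clientSecret: requireVar(env, 'THUNDERID_CLIENT_SECRET'),
    // Must match the Authorized Redirect URI registered in the Console.
    afterSignInUrl: url('APP_SIGN_IN_URL', {allowLocalHttp: true}),
    afterSignOutUrl: url('APP_SIGN_OUT_URL', {allowLocalHttp: true}),
  };
}

// In index.js: app.use(thunderID(loadThunderIDConfig()));
```

The process then fails at startup if a value is missing or still a placeholder, rather than at the first sign-in attempt.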

Step 6: Run Your App

Start the server:

node index.js

Open http://localhost:3000/protected.

You should be redirected to ThunderID sign-in. After successful login, you'll return to your app and access the protected route. Then open http://localhost:3000/me to inspect the signed-in user profile.

Test credentials

You'll need a user to sign in with. If you haven't created one yet, open https://localhost:8090/console, navigate to Users, and add a test user with an email and password.

Success

You should see the sign-in link. Click it to be redirected to the ThunderID-hosted sign-in page. After authenticating with your test user, you'll return to the app as a signed-in user.
