auth0-developer-hub / api_express_javascript_hello-world Goto Github PK

1. Github instructions: In the very first section which reads Start by cloning the api_express_javascript_hello-world repository on its starter branch: it would be helpful to make tutorial language more explicitly highlight git checkout staging after cloning (which drop student into main). Student will see unfamiliar errors if they have not checked out staging branch when the execute npm run dev command further on.

2. API setup instructions: The tutorial provides https://hello-world.example.com with an explicit COPY button, but if user uses this in their Auth0 Mgmt console, they may get initial error stating "you don't have access to this URL". This happened to me, not sure why (perhaps this some kind of serverless cacheing issue?). On my second try, I was able to get this working with this URL from the tutorial: https://hello-world.example.com

4. API setup instructions: After successfully creating the API, the user is brought to the Quickstart page on the Auth0 management console -- that gives instructions that should be ignored, yet the tutorial is silent on what to do (if anything) with instructions on this page

1. Choose a JWT library
As your API will be parsing JWT formatted access tokens, you will need to setup these capabilities on your API.
You can navigate to jwt.io and choose from there. Remember to pick a library that support your selected signing algorithm.

2. Configuring your API to accept RS256 signed tokens
Configure the library that will validate the access tokens in your API. Validating a token means that you are certain you can trust its contents.

5. Get the Auth0 domain: my company domain does not follow the exact pattern of tenant-name.region.auth0.com listed in the tutorial (it does not have "region" element...). Recommend Auth0 move the blue box in tutorial that is just below where the user pastes in their domain, to just a few lines above -- perhaps above the step that starts with: Paste the Auth0 domain value.... which would be more helpful to the new reader.

6. PORT env var. The env var name PORT is very common, used by other apps, and will likely already be used in user env for other projects. If the user follows the tutorial and does not check existing env vars, they will get this strange error if PORT is already defined to another number, and their Auth0 tutorial webserver is running: curl: (7) Failed to connect to localhost port 6060 after 0 ms: Connection refused. They may think there is a mistake with their tutorial or setup.


To avoid conflicts and confusion with a new env value for PORT - recommend Auth0 refactor this PORT var name to something unique like PORT_AUTH0_API_DEMO across all files, so there is no conflict. I was going to do a branch, but thought for a simple fix, maybe easier for maintainer to search/replace.