Skip to main content

Integrate with NodeJS

This page describes how to integrate different types of NodeJS apps with Ory. Please have the Ory CLI installed on your system as well as a running Ory Project and a Personal Access Token.

ExpressJS with TypeScript#

This example uses NodeJS with TypeScript support and ExpressJS to set up an app with two endpoints:

  • /: can be accessed without an active Ory Session;
  • /public: can be accessed without an active Ory Session;
  • /protected: can only be accessed after registration / login - with an active Ory Session.

To get started open a new terminal and set the environment variables:

  • ORY_ACCESS_TOKEN: Use a personal access token here;
  • ORY_PROJECT_URL: Use the Project URL which you can find on the "Services & APIs" page of your project.
# IMPORTANT - The URL MUST NOT end with a trailing slash!
export ORY_PROJECT_URL=...
# e.g.
# e.g.
# export ORY_ACCESS_TOKEN=2123l8jJhSIYQZvfasd53YoRvcseg1

To get started, check out the example's source code, install the node packages, and run the app:

git clone
cd docs/examples/typescript-express
npm i
# Node, similar to Firefox, does not use the Operating System Certificate store.
# To get the self-signed SSL certificates working, we need to disable TLS Verification.
# NEVER, EVER do this in a live system.

Open another terminal and copy set the ORY_ACCESS_TOKEN env var to your Personal Access Token:


Next, run the Ory Proxy with

  • --protect-path-prefix /protected: only the path /protected needs a valid Ory Session;
  • --port 4000: the port on which the proxy should listen on;
  • http://localhost:8000/: the host and port of the NodeJS app you are protecting.
ory proxy local \
--protect-path-prefix /protected \
--port 4000 \

Your operating system will prompt you for your administrative password. The Ory Proxy sets up a temporary SSL certificate in your operating system's certificate store to enable HTTPS integration.


The registration of the self-signed SSL certificate works only in Chrome and Safari but not yet in Firefox. Also, programming languages like Golang, NodeJS, and others often do not respect the operating system certificate store. In those cases, you must disable TLS verification. This is not an issue in production!

To see what the app can do, open it at the original endpoints:

The second URL /protected will greet you with an error because no Ory Session is available.

NodeJS route is not available without authentication

However, if you open the URL through the proxy at https://localhost:4000/protected, your browser will be redirected to a login screen! Once you created an account or signed in, the application will show information about the session:

NodeJS route is not available without authentication

Code Integration#

To get the app integrated with Ory, we use the following npm dependencies:

  • @ory/client contains the Ory SDK. While not needed, the app includes an example of how to set up the SDK and use it;
  • dotenv loads environment variables from a .env file;
  • express-jwt is an express middleware for JWTs;
  • jwks-rsa a library to load the cryptographic keys for verifying JWTs using a remote URL.

Let's take a look at the annotated code!

Great! You've made it! Integrating Ory is easy and straight forward. There are many more things to come, and we are excited to have you on board!

Last updated on by aeneasr