express-oauth2-jwt-bearer is Auth0's official middleware for protecting Express APIs with JWT Bearer tokens. It handles the entire validation chain: signature verification, audience and issuer checks, expiry validation, and claim extraction. The setup is straightforward if you remember to create an API (not an Application) in the Auth0 dashboard and keep your domain as a hostname without the https:// prefix. It includes helpers for scope-based RBAC with requiredScopes() and claimIncludes(), plus DPoP support if you need proof-of-possession. The skill docs emphasize passing scopes as space-separated strings or arrays, not multiple arguments, which is a common gotcha. It is better than rolling your own JWT validation, and the bootstrap script with Auth0 CLI can configure everything automatically.
npx skills add https://github.com/auth0/agent-skills --skill express-oauth2-jwt-bearer
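
The setup and the two gotchas described above (bare-hostname domain, scopes passed as one string or array), as an added example that is not Auth0's or the skill's own code. The `AUTH0_DOMAIN` and `AUTH0_AUDIENCE` variable names, the helpers `authOptions`, `scopeArg` and `buildApp`, and the routes and scope names are assumptions; `express` and `express-oauth2-jwt-bearer` must be installed before `buildApp()` is called.

```javascript
// Added example; helper names, env var names, routes and scopes are assumptions.

// Build the options for auth() from a bare tenant hostname and the API
// identifier. Fails at startup if the domain was pasted as a URL, instead of
// producing an issuer such as "https://https://..." that never matches a token.
function authOptions(domain, audience) {
  if (!domain || /[\/\s]/.test(domain)) {
    throw new Error(`AUTH0_DOMAIN must be a bare hostname, got "${domain}"`);
  }
  if (!audience) {
    throw new Error('AUTH0_AUDIENCE (the identifier of the Auth0 API) is required');
  }
  return { issuerBaseURL: `https://${domain}`, audience };
}

// Normalize scopes to one space-separated string for requiredScopes().
// Accepts a string or an array; rejects the multiple-argument form the
// skill docs warn against, so the mistake surfaces when routes are defined.
function scopeArg(...args) {
  if (args.length !== 1) {
    throw new Error('pass scopes as one string or one array, not multiple arguments');
  }
  const list = Array.isArray(args[0]) ? args[0] : String(args[0]).split(/\s+/);
  const clean = list.filter(Boolean);
  if (clean.length === 0) throw new Error('at least one scope is required');
  return clean.join(' ');
}

// Wire the middleware into an Express app. Dependencies are loaded here so the
// helpers above can be checked without the packages installed.
function buildApp(env = process.env) {
  const express = require('express');
  const { auth, requiredScopes } = require('express-oauth2-jwt-bearer');
  const app = express();

  // Every route below this line requires a valid access token for this API.
  app.use(auth(authOptions(env.AUTH0_DOMAIN, env.AUTH0_AUDIENCE)));

  app.get('/api/messages', requiredScopes(scopeArg('read:messages')), (req, res) => {
    res.json({ sub: req.auth.payload.sub }); // validated claims live on req.auth
  });

  const canDelete = requiredScopes(scopeArg(['read:messages', 'delete:messages']));
  app.delete('/api/messages/:id', canDelete, (req, res) => res.sendStatus(204));

  return app;
}
```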