a blog for those who code

Friday 28 April 2017

How to implement OAuth in Express.js Application

In this post we will be discussing about implementing OAuth in Express.js Application. OAuth is commonly known as Open Standard for Authorization which is used to authorize websites to access and share information without giving them the password. In simple words OAuth helps third-party application to access the user data without exposng the password for ex, login with github, login with twitter etc.

There are 3 main entities involved in OAuth and those are Owner (user having the github or twitter account whose data will be accessed), OAuth Client (application which wants owner details) and OAuth Provider (third party application e.g. github, twitter) as shown below.

After you click Sign Up with Google it will ask you that do you want StackExchange to view your information as shown below :

Now we are going to implement the same thing i.e. OAuth in Express.js Application using Grant Module. Grant is an OAuth middleware for Express which has over 150 Supported Providers. We will be using Twitter as OAuth provider. In Twitter you need to create an application to get Consumer Key and Consumer Secret Key, you can get more information about the same here. You also need to provide a Callback URL where the user will be redirected back to the server, after being granted access to the application.

To use Grant in Express we need to install grant-express using npm as shown below :

npm install grant-express

Next is to write a Grant Configuration file where we need to provide the configuration about the server and the provider information (twitter in our case). Key is the consumer_key and secret is the secret_key of your app and callback is the specific callback which you need to use for this provider.

  "server": {
    "protocol": "http",
    "host": "localhost:8010"
  "twitter": {
    "callback": "/twitter_callback"

Next is to create your app.js file in your Express application as shown below. In the code we are requiring the Grant module and initializing it by passing the configuration file. Then we are defining our routes which will handle the response data returned after the OAuth flow.

var express = require('express');
var session = require('express-session');
var Grant = require('grant-express');
var grant = new Grant(require("./config.json"));

var app = express();
app.use(session({secret: 'grant',resave: true, saveUninitialized: true}));


app.get('/twitter_callback', function(req,res) {
  res.end("Authorization Succeded");
console.log('Express App is running on port 8010...');

Then we will run the application using the command node app.js and navigate to localhost:8010/connect/twitter which will take you to the Twitter authorization page and once you are authorized you will get the response as Authorization Succeeded.

Please Like and Share CodingDefined.com blog, if you find it interesting and helpful.

No comments:

Post a Comment