Todo app using Express, Passport, and SQLite for sign in via OAuth 2.0.

passport/todos-express-oauth2-userinfo

todos-express-oauth2-userinfo

This app illustrates how to use Passport with Express to sign users in via OAuth 2.0. Use this example as a starting point for your own web applications.

Quick Start

To run this app, clone the repository and install dependencies:

$ git clone https://github.com/passport/todos-express-oauth2-userinfo.git
$ cd todos-express-oauth2-userinfo
$ npm install

This app must be configured with the endpoints of an OAuth 2.0 authorization server (AS), as well as a client ID and secret that have been issued by the AS.

The endpoints should be set as options to OAuth2UserInfoStrategy in routes/auth.js.

Once the client ID and secret have been obtained, create a .env file and add the following environment variables:

CLIENT_ID=__INSERT_CLIENT_ID_HERE__
CLIENT_SECRET=__INSERT_CLIENT_SECRET_HERE__

Start the server.

$ npm start

Navigate to http://localhost:3000.

Overview

This example illustrates how to use Passport and the passport-oauth2-userinfo strategy within an Express application to sign users in via OAuth 2.0. Note that OAuth 2.0 does not define a standard way to represent user profile information. This particular strategy uses the schema from OpenID Connect's UserInfo endpoint to overcome that limitation.
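The mapping from a UserInfo response to an application profile, as an added example that is not code from this repository or from passport-oauth2-userinfo. The function names, the `verified` field, the issuer URL and the sample responses are assumptions made for illustration; the claim names (`sub`, `name`, `given_name`, `family_name`, `preferred_username`, `email`, `email_verified`) are those of the OpenID Connect UserInfo schema.

```javascript
'use strict';

// Map an OpenID Connect UserInfo response to a normalized profile (hypothetical helper).
// `issuer` identifies the authorization server; it comes from the app's own
// configuration, never from the response body.
function profileFromUserInfo(issuer, claims) {
  if (claims === null || typeof claims !== 'object' || Array.isArray(claims)) {
    throw new TypeError('UserInfo response must be a JSON object');
  }
  // `sub` must always be present in a UserInfo response; it is unique per issuer.
  if (typeof claims.sub !== 'string' || claims.sub.length === 0) {
    throw new Error('UserInfo response has no usable "sub" claim');
  }
  const str = (v) => (typeof v === 'string' && v.length > 0 ? v : undefined);
  const profile = {
    provider: issuer,
    id: claims.sub,
    displayName: str(claims.name) || str(claims.preferred_username),
    name: {
      givenName: str(claims.given_name),
      familyName: str(claims.family_name),
    },
    emails: [],
  };
  // Record whether the AS vouches for the address; only boolean true counts.
  if (str(claims.email)) {
    profile.emails.push({ value: claims.email, verified: claims.email_verified === true });
  }
  return profile;
}

// Stable key for the local account record: (issuer, sub), never email or name.
function accountKey(profile) {
  return JSON.stringify([profile.provider, profile.id]);
}

// Constructed sample responses (not captured from any real server).
const ISSUER = 'https://as.example.test';
const alice = profileFromUserInfo(ISSUER, {
  sub: '248289761001', name: 'Alice Example', given_name: 'Alice',
  family_name: 'Example', email: 'alice@example.test', email_verified: true,
});
const other = profileFromUserInfo(ISSUER, {
  sub: '999000111222', preferred_username: 'alice',
  email: 'alice@example.test', email_verified: 'true', // string, not boolean
});

console.log(accountKey(alice), alice.emails);
console.log(accountKey(other), other.emails);
```

Both sample responses carry the same email address, yet they resolve to different account keys, and only the first is marked verified.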

This app implements the features of a typical TodoMVC app, and adds sign-in functionality. This app is a traditional web application, in which all application logic and data persistence are handled on the server.

User interaction is performed via HTML pages and forms, which are rendered via EJS templates and styled with vanilla CSS. Data is stored in and queried from a SQLite database.

After users sign in, a login session is established and maintained between the server and the browser with a cookie. As authenticated users interact with the app, creating and editing todo items, the login state is restored by authenticating the session.

License

The Unlicense

Credit

Created by Jared Hanson