DEV Community

Leandro Lima

An Introduction to OAuth 2.0 with Node.js and Passport.js

Authenticating users on the web is an essential part of modern applications. OAuth 2.0 is the newest version of the OAuth protocol, and is widely used for authentication with web services. In this article, we will discuss how to use OAuth 2.0 with Node.js and Passport.js for user authentication.

What is OAuth 2.0?

OAuth 2.0 is an authorization protocol that simplifies authentication for users and services. It allows users to grant access to their data, or authorize a service to access their data, while still maintaining control over their data. For example, if a user wants to access their data on Google Drive, they can use OAuth 2.0 to grant an app access to their data without having to give it their login credentials.

OAuth 2.0 is also used by developers to authenticate users in their own applications. By leveraging OAuth 2.0, developers can securely authenticate their users without having to worry about storing their passwords.

How Does OAuth 2.0 Work?

OAuth 2.0 is based on the concept of granting access tokens. An access token is a random string of characters that is used to identify a user and give them access to a specific application. The flow for OAuth 2.0 works like this:

  1. The user requests an access token from a service.
  2. The service authenticates the user and grants an access token.
  3. The user uses the access token to access the service.

Using OAuth 2.0 with Node.js and Passport.js

Node.js is an open source, server-side JavaScript platform. Passport.js is an authentication library for Node.js that adds support for OAuth 2.0. By leveraging Passport.js, developers can easily add user authentication to their Node.js applications.

Step 1: Install Dependencies

To use Passport.js, we will first need to install the dependencies. We will need to install passport, passport-oauth2, and passport-google-oauth20, as well as the corresponding libraries for whatever services you wish to authenticate with (e.g. Google, Facebook, Twitter).

Step 2: Set up Passport

Once the dependencies are installed, we need to configure Passport.js. In your app, you will need to require the Passport library:

var passport = require('passport');

Then, we will need to configure Passport.js with our authentication strategies, specifying the details such as the credentials for authenticating our users.

We will specify a callback URL for Passport.js to redirect to once the authentication process is complete. This is usually the URL for our authentication controller.

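var GoogleStrategy = require('passport-google-oauth20').Strategy;

// Read the client credentials from the environment rather than hard-coding them
var GOOGLE_CLIENT_ID = process.env.GOOGLE_CLIENT_ID;
var GOOGLE_CLIENT_SECRET = process.env.GOOGLE_CLIENT_SECRET;

passport.use(
  new GoogleStrategy(
    {
      clientID: GOOGLE_CLIENT_ID,
      clientSecret: GOOGLE_CLIENT_SECRET,
      callbackURL: 'http://localhost:3000/auth/google/callback'
    },
    function(accessToken, refreshToken, profile, cb) {
      // code to process user data
      // Hand the resulting user to Passport; without this call the request never completes
      return cb(null, profile);
    }
  )
);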
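
One way to fill in the `// code to process user data` callback of the strategy above, as an added example rather than code from the original article: it keys local accounts on the provider's user id and refuses profiles without a verified email. The function name `verifyGoogleUser`, the in-memory `users` map, the sample profiles and the profile shape are assumptions made for illustration.

```javascript
// Added example. Assumed profile shape (Passport's normalized form):
// { provider, id, displayName, emails: [{ value, verified }] }
const users = new Map(); // in-memory stand-in for a users table

function verifyGoogleUser(accessToken, refreshToken, profile, cb) {
  if (!profile || profile.provider !== 'google' || !profile.id) {
    return cb(null, false, { message: 'unexpected profile' });
  }
  // Accept only an address the provider reports as verified.
  const email = (profile.emails || []).find(
    (e) => e && e.verified === true && typeof e.value === 'string'
  );
  if (!email) return cb(null, false, { message: 'no verified email' });

  // Key the local account on the provider's stable user id, not on the
  // email address: addresses change hands, ids do not.
  const key = 'google:' + profile.id;
  let user = users.get(key);
  if (!user) {
    user = { key, displayName: profile.displayName || '', email: email.value.toLowerCase() };
    users.set(key, user);
  }
  // The tokens are deliberately not stored on the user record; sign-in
  // alone does not need them after this point.
  return cb(null, user);
}

// Constructed sample profiles, not real accounts.
const sampleProfiles = [
  { provider: 'google', id: '1001', displayName: 'Ada',
    emails: [{ value: 'Ada@example.com', verified: true }] },
  { provider: 'google', id: '1002', displayName: 'Bob',
    emails: [{ value: 'bob@example.com', verified: false }] },
  { provider: 'google', id: '1001', displayName: 'Ada L.',
    emails: [{ value: 'ada@example.com', verified: true }] }
];

// Runs each sample through the callback and reports what Passport would see.
function runSamples() {
  return sampleProfiles.map(function (p) {
    let outcome;
    verifyGoogleUser('constructed-token', undefined, p, function (err, user) {
      outcome = err ? 'error' : user ? user.key : 'rejected';
    });
    return outcome;
  });
}

console.log(runSamples());
```

Passed as the second argument to `new GoogleStrategy(...)`, this function takes the place of the inline callback.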

Step 3: Implement Routes

Next, we will need to set up the routes for authentication. We will need at least three routes: one for initiating the authentication process, one for authenticating the user, and one for processing the authentication callback.

The route for initiating the authentication process will be a GET request to the /auth/<service_name> endpoint. For example, if we are authenticating with Google, our route will be /auth/google.

app.get('/auth/google', passport.authenticate('google', { scope: ['email'] }));

The route for authenticating the user will be a POST request to the /login endpoint. This will authenticate the user with the credentials they provide.

The route for handling the authentication callback will be a GET request to the /auth/<service_name>/callback endpoint. This will be used to process the authentication response. For example, if we're authenticating with Google, our route will be /auth/google/callback.

app.get(
  '/auth/google/callback',
  passport.authenticate('google', { failureRedirect: '/login' }),
  function(req, res) {
    // authentication successful
    res.redirect('/');
  }
);

Once we have set up the routes, we need to call the passport.authenticate middleware to authenticate the user. This will authenticate the user using the access token provided in the URL.

Conclusion

In this article, we have discussed how to use OAuth 2.0 with Node.js and Passport.js. We have seen how to install the dependencies, set up Passport.js, and implement the necessary routes. With this knowledge, you can now add user authentication to your own Node.js applications.
