We often need to implement some sort of login functionality in our web apps, or authorize our app to access the user's data programmatically.
Hist...
For further actions, you may consider blocking this person and/or reporting abuse
This looks very promising, adding authentication to my side projects is always the biggest hurdle and a lot of the passport options seem outdated. Hopefully this is as plug and play as it looks.
Is there a source code for the example app that you posted? I saw a couple of demos in the repo, but i didnt specifically see the source code for the example app you posted. (this one: grant.outofindex.com)
Thanks for sharing!
Hi, Pascal, the actual source code of the example app isn't available yet, but there is really not much into it. Actually the info on the index page of the app (grant.outofindex.com) outlines just about everything.
Here is the example you are looking for: github.com/simov/grant/tree/master...
If you inspect the example app you'll see that I have exactly that - an HTML form that POST's to the
/connect/[provider]
route.Also you may find this comment useful: github.com/simov/grant/issues/61#i...
Hope that helps.
The reason I asked is because that issue is from back in 2016, and the explanation at grant.outofindex.com links to github issues and bits of documentation. I would've loved to see the source code of the example app to see it all pieced together. Any chance you could still share it somehow?
My stack consists of NginX and NodeJS+Express on the server, and Mithril in the browser. I also have separate scripts for building the config, as you can imagine there is a lot of configuration for 180 providers with all their scopes, custom fields and so on. It's fairly specific to my taste and needs, and while the code is utterly simple it was never meant to be shared as something like an 'app' that people can look and learn from.
Also what if you want to see a browser side implementation with React? Well, no luck then, I don't have any. And while the info may be a bit scattered across a few examples and sections of the docs - it's actually a fairly trivial task to implement for any web developer.
If you have any specific questions, I'm always ready to help!
Hi, @thepassle, I just published my new article about Grant:
OAuth Like a BOSS
simo ・ Jan 7 '19
Hopefully this answers a question or two.
Hey! Thanks for getting back to me, i'll be sure to check it out
Looks awesome, I am currently building a PWA with sails.js and have been looking into using passport, but this seems like a much more straightforward solution.
Hi. I'm currently getting the thing about OAuth/2. Grant purpose is to easily setup OAuth authentication with OAuth2 providers, such as Google, Twitter, Facebook, OpenID... Etc. However, what if I want my app itself to be an OAuth2 provider? Does Grant help with this?
Hi, Sebastian, Grant is an OAuth Client. Have a look at NPM, there should be at least a few good provider implementations.
Too bad, I had been hoping for a simplified explanation of OAuth. You still have to send a password for authorization, so I don't see how OAuth is an improvement over that.
When website owners use OAuth for authentication they don't have to deal with storing the user's credentials in their own database. They simply redirect the user to the OAuth provider's website - the password is entered only once and only there.
When app developers use OAuth for perpetual authorization they only send an access token with each and every request, but not the actual password of the user.
In both cases the third-party never knows the actual password of the user.