commit e4b64f02fabcf5c939f5a4d86081a609bb2c1253 Author: Matt Huntington Date: Thu Oct 25 15:48:33 2018 -0400 all the ham
diff --git a/package.json b/package.json
new file mode 100644
index 0000000..23f4c5e
--- /dev/null
+++ b/package.json
@@ -0,0 +1,16 @@
+{
+ "name": "oauth_express",
+ "version": "1.0.0",
+ "description": "",
+ "main": "index.js",
+ "scripts": {
+ "test": "echo \"Error: no test specified\" && exit 1"
+ },
+ "author": "",
+ "license": "ISC",
+ "dependencies": {
+ "body-parser": "^1.14.1",
+ "express": "^4.13.3",
+ "request": "^2.67.0"
+ }
+}
diff --git a/public/index.html b/public/index.html
new file mode 100644
index 0000000..6d42676
--- /dev/null
+++ b/public/index.html
@@ -0,0 +1,15 @@
+ + + + + + + +

Account Management

+
+ Github +
+ +
+ +
diff --git a/server.js b/server.js
new file mode 100644
index 0000000..5dc3359
--- /dev/null
+++ b/server.js
@@ -0,0 +1,84 @@
+var express = require('express'),
+ bodyParser = require('body-parser'),
+ request = require('request');
+ server = express(),
+ authorize_url = 'https://github.com/login/oauth/authorize',
+ token_url = 'https://github.com/login/oauth/access_token',
+ api_url = 'https://api.github.com/user',
+ redirect_uri = 'http://localhost:3000/callback',
+ encoded_redirect_uri = encodeURIComponent(redirect_uri), // GET params can't contain / and :, so use encodeURIComponent to encode it (http%3A%2F%2Flocalhost%3A3000%2Fcallback).
+ client_id ='f0d9ae1b220169df5421', // This is so bad. Don't do it. Store it in an environment variable
+ client_secret ='cb0fee01e4620355ebde01d1d38b8ac363ebe0e8', // This is so bad. Don't do it. Store it in an environment variable
+ access_token =null; // This is so bad. Don't do it. Store it in a database for each user
+
+server.use(express.static('./public'));
+server.use(bodyParser.urlencoded({extended:true}));
+
+// This function takes an express response object and sends it the data retrieved from github
+var getAndDisplayData = function(res){
+ request({
+ uri: api_url+'?access_token=' + access_token,
+ method: 'GET',
+ headers: {
+ 'User-Agent':'testapp'
+ }
+ },
+ function(error, response, body){
+ res.send(body);
+ }
+ );
+}
+
+// Receives data from manage accounts page
+server.post('/accounts', function(request, response){
+ //make sure they checked the box next to github in the account management page
+ //this is just part of the app, not official oauth. It's meant to simulate an actual account management page
+ if(request.body.github){
+ //if access_token is null, begin oauth flow
+ //in reality, you would look in your database to find the access_token for the current user and use that
+ //for brevity, I just saved one token for everyone as a global variable. This is bad practice. 
+ if(access_token === null){
+ console.log("Beginning Access Token Flow");
+ response.redirect(authorize_url + '?scope=user%3Aemail&client_id=' + client_id + '&redirect_uri=' + encoded_redirect_uri);
+ } else {
+ //else just get the data
+ console.log("I already have the token, just get the data");
+ getAndDisplayData(response);
+ }
+ } else {
+ //if they didn't check the box next to github in the account management page, redirect them to /
+ //this is just part of the app, not official oauth. It's meant to simulate an actual account management page
+ response.redirect('/');
+ }
+});
+
+//The is the handler for route that gets hit once, the provider redirects the user back to the redirect_uri
+server.get('/callback', function(req, res){
+ var auth_code = req.query.code;
+ //Make request to retrieve access_token
+ request({
+ uri: token_url,
+ method: 'POST',
+ form: {
+ client_id: client_id,
+ client_secret: client_secret,
+ code: auth_code,
+ redirect_uri: redirect_uri
+ }
+ },
+ function(error, response, body){ //don't confuse 'response' with 'res'. 'response' is what comes back from the server-side request to gitub. We don't need that, just 'body'
+ //once, the call to retrieve the access_token returns...
+ access_token = body.split('&')[0].split('=')[1]; //in the real world, save this to the database and relate it to only one user.
+ //the way I did it here, it is one token for all users. Not good. Just a demo.
+
+ //send in 'res' so that it can send back a response to the user.
+ //remember, 'res' is the response object for the /callback route
+ getAndDisplayData(res);
+ }
+ );
+});
+
+
+server.listen(3000, function(){
+ console.log("Server is listening");
+});
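Review bot: The authorize redirect in the `/accounts` handler carries no `state` parameter and `/callback` exchanges whatever `code` it receives, so the flow is not bound to the browser session that started it (OAuth login CSRF, RFC 6749 §10.12); generate `state` with `crypto.randomBytes(16).toString('hex')`, store it against the user's session, append it to the authorize URL, and reject a callback whose `req.query.state` does not match — no session or cookie middleware is visible in this file, so that storage has to be added first. In the `/callback` response handler, `error` and `response.statusCode` are never checked and `body.split('&')[0].split('=')[1]` assumes the first form field is `access_token`, so a provider error reply (GitHub returns these in the same form-encoded shape, e.g. `error=bad_verification_code&error_description=...`) would be stored as the token; parse the body with `querystring.parse` (Node core; add `querystring = require('querystring')` to the requires) and only assign when `access_token` is present, as in the fence below. `getAndDisplayData` sends the token as `?access_token=` in the request URL, which ends up in access logs and proxies; prefer `headers: { 'Authorization': 'token ' + access_token, 'User-Agent': 'testapp' }`. The declaration list at the top ends with `request = require('request');`, so `server`, `authorize_url`, …, `access_token` become implicit globals; declare each with `var` (or change that `;` to `,`).
```javascript
server.get('/callback', function(req, res){
    var auth_code = req.query.code;
    if(typeof auth_code !== 'string' || auth_code.length === 0){
        return res.status(400).send('Missing authorization code');
    }
    // … unchanged: request({ uri: token_url, method: 'POST', form: {...} }, …
    function(error, response, body){
        if(error || response.statusCode !== 200){
            console.error('Token exchange failed', error || response.statusCode);
            return res.status(502).send('Token exchange failed');
        }
        var token_body = querystring.parse(body); // GitHub answers form-encoded unless an Accept header asks for JSON
        if(token_body.error || typeof token_body.access_token !== 'string'){
            console.error('Token exchange rejected', token_body.error);
            return res.status(502).send('Token exchange rejected');
        }
        access_token = token_body.access_token; // still one token for every user; the demo's original caveat stands
        getAndDisplayData(res);
    }
    // … unchanged: closing of the request(...) call and the route …
```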