commit
e4b64f02fa
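--- /dev/null
+++ b/PATH_NOT_SHOWN_package_manifest
@@ -0,0 +1,16 @@
+{
+"name": "oauth_express",
+"version": "1.0.0",
+"description": "",
+"main": "index.js",
+"scripts": {
+"test": "echo \"Error: no test specified\" && exit 1"
+},
+"author": "",
+"license": "ISC",
+"dependencies": {
+"body-parser": "^1.14.1",
+"express": "^4.13.3",
+"request": "^2.67.0"
+}
+}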
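Review bot: The `request` dependency is deprecated upstream and no longer receives fixes; the server file in this commit uses it for two plain HTTPS calls, which Node's built-in `https` module or a maintained client can cover. The `test` script is the npm placeholder that always exits 1, so `npm test` reports an error rather than running nothing.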
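--- /dev/null
+++ b/PATH_NOT_SHOWN_html_page
@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta charset="utf-8">
+<title></title>
+</head>
+<body>
+<h1>Account Management</h1>
+<form action="/accounts" method="post"/>
+<input type="checkbox" name="github" />Github
+<br/>
+<input type="submit" value="Add Account" />
+</form>
+</body>
+</html>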
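Review bot: `<form action="/accounts" method="post"/>` is written as a self-closing tag, which HTML does not allow for `form`; browsers ignore the trailing slash and keep the element open, so the inputs land inside the form only by accident, and the line should read `<form action="/accounts" method="post">`. The empty `<title></title>` could also carry the page name used in the heading.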
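--- /dev/null
+++ b/PATH_NOT_SHOWN_server_script
@@ -0,0 +1,84 @@
+var express = require('express'),
+bodyParser = require('body-parser'),
+request = require('request');
+server = express(),
+authorize_url = 'https://github.com/login/oauth/authorize',
+token_url = 'https://github.com/login/oauth/access_token',
+api_url = 'https://api.github.com/user',
+redirect_uri = 'http://localhost:3000/callback',
+encoded_redirect_uri = encodeURIComponent(redirect_uri), // GET params can't contain / and :, so use encodeURIComponent to encode it (http%3A%2F%2Flocalhost%3A3000%2Fcallback).
+client_id ='f0d9ae1b220169df5421', // This is so bad. Don't do it. Store it in an environment variable
+client_secret ='cb0fee01e4620355ebde01d1d38b8ac363ebe0e8', // This is so bad. Don't do it. Store it in an environment variable
+access_token =null; // This is so bad. Don't do it. Store it in a database for each user
+
+server.use(express.static('./public'));
+server.use(bodyParser.urlencoded({extended:true}));
+
+// This function takes an express response object and sends it the data retrieved from github
+var getAndDisplayData = function(res){
+request({
+uri: api_url+'?access_token=' + access_token,
+method: 'GET',
+headers: {
+'User-Agent':'testapp'
+}
+},
+function(error, response, body){
+res.send(body);
+}
+);
+}
+
+// Receives data from manage accounts page
+server.post('/accounts', function(request, response){
+//make sure they checked the box next to github in the account management page
+//this is just part of the app, not official oauth. It's meant to simulate an actual account management page
+if(request.body.github){
+//if access_token is null, begin oauth flow
+//in reality, you would look in your database to find the access_token for the current user and use that
+//for brevity, I just saved one token for everyone as a global variable. This is bad practice.
+if(access_token === null){
+console.log("Beginning Access Token Flow");
+response.redirect(authorize_url + '?scope=user%3Aemail&client_id=' + client_id + '&redirect_uri=' + encoded_redirect_uri);
+} else {
+//else just get the data
+console.log("I already have the token, just get the data");
+getAndDisplayData(response);
+}
+} else {
+//if they didn't check the box next to github in the account management page, redirect them to /
+//this is just part of the app, not official oauth. It's meant to simulate an actual account management page
+response.redirect('/');
+}
+});
+
+//The is the handler for route that gets hit once, the provider redirects the user back to the redirect_uri
+server.get('/callback', function(req, res){
+var auth_code = req.query.code;
+//Make request to retrieve access_token
+request({
+uri: token_url,
+method: 'POST',
+form: {
+client_id: client_id,
+client_secret: client_secret,
+code: auth_code,
+redirect_uri: redirect_uri
+}
+},
+function(error, response, body){ //don't confuse 'response' with 'res'. 'response' is what comes back from the server-side request to gitub. We don't need that, just 'body'
+//once, the call to retrieve the access_token returns...
+access_token = body.split('&')[0].split('=')[1]; //in the real world, save this to the database and relate it to only one user.
+//the way I did it here, it is one token for all users. Not good. Just a demo.
+
+//send in 'res' so that it can send back a response to the user.
+//remember, 'res' is the response object for the /callback route
+getAndDisplayData(res);
+}
+);
+});
+
+
+server.listen(3000, function(){
+console.log("Server is listening");
+});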
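Review bot: The authorize redirect `response.redirect(authorize_url + '?scope=user%3Aemail&client_id=' + client_id + '&redirect_uri=' + encoded_redirect_uri)` carries no `state` parameter and `/callback` never checks one, so the callback cannot tell whether the `code` it receives belongs to a flow this server started; generate a random value with `crypto.randomBytes` (requiring `crypto` next to the other modules), append it as `&state=`, and reject callbacks whose `req.query.state` does not match, as sketched below with a single pending value in the spirit of the demo's `access_token` global (a per-session store is the real fix). The token callback also ignores `error` and `response.statusCode` before `access_token = body.split('&')[0].split('=')[1]`, so an error reply from the token endpoint would be stored as the token; check them first and bail out. `uri: api_url+'?access_token=' + access_token` places the token in the query string, where it reaches access logs and proxies; send it as `'Authorization': 'token ' + access_token` in the headers instead. Separately, the `;` ending `request = require('request');` closes the `var` statement, so `server` through `access_token` on the following lines become implicit globals (it should be a comma), and the `/accounts` handler's parameter named `request` shadows the `request` module. The `client_secret` literal committed here should be treated as exposed and regenerated in the GitHub OAuth app settings regardless of the accompanying comment.
```javascript
// … unchanged: requires and URL/credential constants (add crypto to the require list) …
var pending_state = null; // demo only: one pending state for everyone, mirroring the access_token global

// … unchanged: express setup, getAndDisplayData …

if(access_token === null){
  console.log("Beginning Access Token Flow");
  pending_state = crypto.randomBytes(16).toString('hex');
  response.redirect(authorize_url + '?scope=user%3Aemail&client_id=' + client_id + '&redirect_uri=' + encoded_redirect_uri + '&state=' + pending_state);

// … unchanged: rest of /accounts handler …

server.get('/callback', function(req, res){
  if(pending_state === null || req.query.state !== pending_state){
    return res.status(400).send('Bad state parameter');
  }
  pending_state = null; // single use
  var auth_code = req.query.code;
  // … unchanged: token request options …
  function(error, response, body){
    if(error || response.statusCode !== 200){
      return res.status(502).send('Token request failed');
    }
    // … unchanged: token parsing and getAndDisplayData(res) …
```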