

var querystring = require('querystring'),
    express = require('express'),
    bodyParser = require('body-parser'),
    request = require('request');
server = express(),
authorize_url = 'https://github.com/login/oauth/authorize',
token_url = 'https://github.com/login/oauth/access_token',
api_url = 'https://api.github.com/user',
redirect_uri = 'http://localhost:3000/callback',
encoded_redirect_uri = encodeURIComponent(redirect_uri), // GET params can't contain / and :, so use encodeURIComponent to encode it (http%3A%2F%2Flocalhost%3A3000%2Fcallback).
client_id ='f0d9ae1b220169df5421', // This is so bad. Don't do it. Store it in an environment variable
client_secret ='cb0fee01e4620355ebde01d1d38b8ac363ebe0e8', // This is so bad. Don't do it. Store it in an environment variable
access_token =null; // This is so bad. Don't do it. Store it in a database for each user
server.use(express.static('./public'));
server.use(bodyParser.urlencoded({extended:true}));
// This function takes an express response object and sends it the data retrieved from github
var getAndDisplayData = function(res){
request({
uri: api_url+'?access_token=' + access_token,
method: 'GET',
headers: {
'User-Agent':'testapp'
}
},
function(error, response, body){
res.send(body);
}
);
}
// Receives data from manage accounts page
server.post('/accounts', function(request, response){
//make sure they checked the box next to github in the account management page
//this is just part of the app, not official oauth. It's meant to simulate an actual account management page
if(request.body.github){
//if access_token is null, begin oauth flow
//in reality, you would look in your database to find the access_token for the current user and use that
//for brevity, I just saved one token for everyone as a global variable. This is bad practice.
if(access_token === null){
console.log("Beginning Access Token Flow");
response.redirect(authorize_url + '?scope=user%3Aemail&client_id=' + client_id + '&redirect_uri=' + encoded_redirect_uri);
} else {
//else just get the data
console.log("I already have the token, just get the data");
getAndDisplayData(response);
}
} else {
//if they didn't check the box next to github in the account management page, redirect them to /
//this is just part of the app, not official oauth. It's meant to simulate an actual account management page
response.redirect('/');
}
});
//The is the handler for route that gets hit once, the provider redirects the user back to the redirect_uri
server.get('/callback', function(req, res){
var auth_code = req.query.code;
//Make request to retrieve access_token
request({
uri: token_url,
method: 'POST',
form: {
client_id: client_id,
client_secret: client_secret,
code: auth_code,
redirect_uri: redirect_uri
}
},
function(error, response, body){ //don't confuse 'response' with 'res'. 'response' is what comes back from the server-side request to gitub. We don't need that, just 'body'
//once, the call to retrieve the access_token returns...
access_token = body.split('&')[0].split('=')[1]; //in the real world, save this to the database and relate it to only one user.
//the way I did it here, it is one token for all users. Not good. Just a demo.
//send in 'res' so that it can send back a response to the user.
//remember, 'res' is the response object for the /callback route
getAndDisplayData(res);
}
);
});
server.listen(3000, function(){
console.log("Server is listening");
});