DEV Community

Cover image for NodeJS OAuth2.0
Fernando Amezcua
Fernando Amezcua

Posted on • Edited on

NodeJS OAuth2.0

Introduction

OAuth 2.0 is the successor to OAuth 1.0, and it's designed to work with HTTP, HTML5 and native mobile apps. It allows users to grant applications access to their data on other social networks like Facebook or Twitter (and even Slack), while keeping you in control of how much access is granted. In this article we'll look at how authentication works in OAuth 2.0 and what happens when a user grants an application permission to use their data. We'll also cover authorization parameters and how they're used by an application when making calls on behalf of another user.

OAuth 2.0 is the successor to OAuth 1.0, and is designed to work with HTTP, HTML5, and native mobile apps.

OAuth 2.0 can be used for authorization by a user agent (user browser) or as an authorizer for a service provider (service provider). The client application requests authorization from the server in order to access protected resources on behalf of the user; if successful, it may then use credentials issued by both the client application's own identity provider and any other third-party providers that have been authorized under this process (e.g., Google).

Authorization happens when you send a signed request and obtain an Access Token, it to make API calls on behalf of a user.

An access token is a string of characters that represents authorization. It's like an ID card, but it doesn't contain any personal information. When you send the signed request and obtain an access token from the authorization server, it means you're authorized to make API calls on behalf of a user.

It's good practice to ensure that users can revoke your application's access at any time.

To use OAuth 2 you need an authorization server that allows users to grant access from their accounts on behalf of third party applications such as yours. The service will check whether the requesting party has been authorized by the user before granting access—if not then they won't allow it!

Getting started
For practical purposes we are going to use a boilerplate created by wilsonwu, this boilerplate I consider is complete for understanding the OAuth protocol, but we are going to add some other cool stuffs to make an update example from library.

https://github.com/wilsonwu/express-oauth2-demo

Top comments (0)