If you’re building a Node.js app and want users to sign in with GitHub, the auth-verify library makes it simple. It provides built-in helpers for OAuth (including GitHub) alongside features like JWT, OTP, and session management.
🧠 What You’ll Build
A login flow where:
- Users click “Sign in with GitHub”
- They’re redirected to GitHub to authorize
- GitHub sends back a code
- Your server uses that code to obtain user info
The result: a logged-in user session inside your app.
🛠️ Step 1 — Prep Your GitHub OAuth App
Before code, register your app with GitHub:
- Go to GitHub Developer Settings → OAuth Apps
- Create a new OAuth app
- Set the Callback URL (example: http://localhost:3000/auth/github/callback)
- Copy your Client ID and Client Secret
This is standard GitHub OAuth setup using the authorization code flow.
📦 Step 2 — Install Dependencies
In your project folder:
```bash
npm install auth-verify express
```
This gives you the core auth-verify library plus Express for routing.
💻 Step 3 — Basic Server Setup
Create server.js (or similar) with an Express app:
```js
const express = require("express");
const AuthVerify = require("auth-verify");

const app = express();

// ⚡ initialize auth-verify
const auth = new AuthVerify({ storeTokens: "memory" });

// configure GitHub OAuth handler
const github = auth.oauth.github({
  clientId: process.env.GITHUB_CLIENT_ID,
  clientSecret: process.env.GITHUB_CLIENT_SECRET,
  redirectUri: "http://localhost:3000/auth/github/callback"
});

// redirect user to GitHub OAuth page
app.get("/auth/github", (req, res) => {
  github.redirect(res);
});

// handle callback from GitHub
app.get("/auth/github/callback", async (req, res) => {
  try {
    const userData = await github.callback(req);
    // Here you have GitHub profile + tokens
    // (logging and returning the whole object exposes those tokens: local testing only)
    console.log("GitHub User:", userData);
    // do your own login logic (session/cookie/JWT)
    res.json({ success: true, user: userData });
  } catch (err) {
    console.error("GitHub OAuth error", err);
    res.status(500).json({ error: "OAuth failed" });
  }
});

// start server
app.listen(3000, () =>
  console.log("Server listening on http://localhost:3000")
);
```
- ✔️ `github.redirect(res)` sends the user to GitHub’s authorization page
- ✔️ `github.callback(req)` retrieves access token + user details
Note: auth-verify abstracts away the GitHub token exchange and user fetch for you — this simplifies the manual POST to GitHub’s `/login/oauth/access_token` endpoint.
🔐 Step 4 — Session or JWT
Once you have the GitHub user data:
- Create a session
- Issue a JWT
- Save user data in DB
Example (simplified JWT):
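```js
const jwtToken = await auth.jwt.sign({ id: userData.id }, "1h");
// httpOnly keeps the token out of reach of page scripts; secure restricts it to HTTPS in production
res.cookie("token", jwtToken, { httpOnly: true, sameSite: "lax", secure: process.env.NODE_ENV === "production" });
```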
Now your app can use the token to protect routes.
✨ Final Notes
🎯 Scopes
When redirecting, you can request additional scopes — e.g., user:email, repo. Just configure that in GitHub app setup or pass to the redirect function.
🛡 Security
Use secure cookies, CSRF checks, state parameters, and HTTPS in production.
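The state parameter check mentioned above, as an added example (not part of the original post and not auth-verify's own code): the server issues a random, signed, short-lived `state` at redirect time and refuses the callback unless the value GitHub returns matches the one stored in that browser's cookie. The helper names `issueState` and `verifyState`, the `STATE_SECRET` variable and the 10-minute lifetime are assumptions; how `state` is passed through `github.redirect` is not shown on this page.

```javascript
const crypto = require("node:crypto");

// Assumption: STATE_SECRET is a long random server-side secret.
// The random fallback is only so this example runs on its own.
const STATE_SECRET = process.env.STATE_SECRET || crypto.randomBytes(32).toString("hex");
const STATE_TTL_MS = 10 * 60 * 1000; // assumed lifetime of one login attempt

function sign(value) {
  return crypto.createHmac("sha256", STATE_SECRET).update(value).digest("base64url");
}

// Constant-time string comparison (timingSafeEqual needs equal lengths).
function safeEqual(a, b) {
  const x = Buffer.from(a), y = Buffer.from(b);
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// Redirect step (GET /auth/github): `state` goes into the authorize URL,
// `cookie` goes into an httpOnly cookie for the same browser.
function issueState(now = Date.now()) {
  const nonce = crypto.randomBytes(16).toString("base64url");
  const state = `${nonce}.${now}`;
  return { state, cookie: `${state}.${sign(state)}` };
}

// Callback step (GET /auth/github/callback): run this on req.query.state and
// the cookie value before the code is exchanged; reject the request on false.
function verifyState(queryState, cookie, now = Date.now()) {
  if (typeof queryState !== "string" || typeof cookie !== "string") return false;
  const cut = cookie.lastIndexOf(".");
  if (cut < 0) return false;
  const stored = cookie.slice(0, cut);
  if (!safeEqual(cookie.slice(cut + 1), sign(stored))) return false; // cookie was altered
  if (!safeEqual(queryState, stored)) return false; // callback not started by this browser
  const age = now - Number(stored.split(".")[1]);
  return Number.isFinite(age) && age >= 0 && age <= STATE_TTL_MS;
}
```

Clear the state cookie once the callback has been processed so each value is accepted only once.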
📌 auth-verify Advantage
Instead of wiring manual OAuth flows, auth-verify gives you a unified API for different providers (Google, Facebook, GitHub…), JWT, OTP, and session handling.
💬 In Summary
- ✅ Register your GitHub OAuth app
- ✅ Install and configure auth-verify
- ✅ Create Express routes for redirect + callback
- ✅ Generate your tokens/sessions after successful login