OAuth authentication with Passport.js and integration with jade
Again, we’re talking about a technology used on www.parkuik.com (aren’t you registered yet? ;P)
Although simple registration via username and password is really important (which I’ll do in the near future), nowadays it’s more important to give users website access through OAuth providers such as Facebook or Twitter. There are tons of them, but of course, these two are the best known.
First of all, I must say that there are two major options in the Node.js world for adding OAuth login: Passport.js and Everyauth. Both are valid options, but I must say that I started with everyauth months ago and it was very buggy. I don’t know how it is right now, but if I had to recommend one of them, I’d go with passport.js (which includes OAuth and simple registration).
So, first of all, you need to register your application with each OAuth provider you want to use. This is different for each provider, so just go to its website and try it. It’s pretty simple =).
Once you’ve done that, you’ll have two keys. Depending on the OAuth provider they’ll be named differently. Facebook uses appId and appSecret, Twitter uses consumerKey and consumerSecret, Github uses appId and appSecret, etc.
Now, install passport on your project:
This is not the only thing you have to install. For every OAuth provider you want to work with, you must install its module: passport-facebook for Facebook, passport-twitter for Twitter, etc.
First of all, I usually put these OAuth token keys, or however you want to call them, in a separate file to avoid mixing them with the rest of the app:
You must configure your app and routes to use OAuth. This must be done on the main file, which I usually call app.js. This could be done this way (I’m posting only twitter solution because other providers are done the same way):
And now we have to define our callbacks and routes. This includes all the work to insert users and get them from database.
Here I’m using mongoose to work with MongoDB database, but of course, you could use whatever you want.
As you can see in routes defined by express, /logout is used to log the user out. So, just put a link to logout, and it’ll be done.
Other things you can do? Define an “isAuthenticated” function (you must come up with a solution that works for you) and use it this way to access protected resources:
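One way to write that guard, as an added example rather than the author's code: an Express middleware built on Passport's `req.isAuthenticated()`, which also remembers where the user was headed without allowing a redirect to another host. The login path `/login`, the session key `returnTo`, and the helper names `safeReturnPath` and `popReturnPath` are assumptions of this example.

```javascript
// Added example: route guard for Passport-protected Express routes.
// Passport adds req.isAuthenticated() to each request once it is initialized.
// LOGIN_PATH and the session key "returnTo" are assumptions of this example.
const LOGIN_PATH = '/login';

// Accept only same-site relative paths, so a stored "return to" value
// can never send the user to another host after login (open redirect).
function safeReturnPath(url) {
  if (typeof url !== 'string') return '/';
  // Must start with exactly one "/" ("//host" and "/\host" are rejected).
  if (!/^\/(?![\/\\])/.test(url)) return '/';
  // No backslashes or control characters anywhere in the path.
  if (/[\\\x00-\x1f]/.test(url)) return '/';
  return url;
}

// Express middleware: let authenticated requests through,
// send everyone else to the login page.
function isAuthenticated(req, res, next) {
  if (typeof req.isAuthenticated === 'function' && req.isAuthenticated()) {
    return next();
  }
  // Remember where a GET request was headed; never replay POST/PUT/DELETE.
  if (req.session && req.method === 'GET') {
    req.session.returnTo = safeReturnPath(req.originalUrl);
  }
  // XHR clients get a status code instead of an HTML redirect.
  if (req.xhr) {
    return res.status(401).json({ error: 'authentication required' });
  }
  return res.redirect(LOGIN_PATH);
}

// Call this in the provider callback route after a successful login:
// it returns the stored path once and clears it from the session.
function popReturnPath(req) {
  const target = safeReturnPath(req.session && req.session.returnTo);
  if (req.session) delete req.session.returnTo;
  return target;
}

// Hypothetical usage in app.js:
//   app.get('/account', isAuthenticated, showAccount);
```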
Or you may want to define helpers to use variables in your jade templates:
If you want to use it on a jade template, just call it this way:
Pretty simple!
Do you know any other solutions? More efficient ones?
Thanks!

Hi Javier,
while looking for a way to create the callbackURL dynamically (using req.host etc.) I stumbled over your article. Would you mind sharing the code of your callbackURL(‘twitter’) method? Or do you have an idea how I could get a reference to req.host inside that method?
Thanks in any case, cheers!
Chantal
What I’m doing there is just using a boolean to redirect to localhost or http://www.parkuik.com in case we’re on production, but nothing else. Sorry I can’t help you!
Hi Javier,
thanks for your quick answer. I’ve found out that the callbackURL is resolved by the OAuth2Strategy, so it need not include the host.
See here lines 105ff:
https://github.com/jaredhanson/passport-oauth/blob/master/lib/passport-oauth/strategies/oauth2.js
Cheers,
Chantal