GitXplorerGitXplorer
b

micro-oauth

public
24 stars
2 forks
0 issues

Commits

List of commits on branch master.
Verified
caa43204f4a8346f93645072ba6ce6cb3c2cedb8

v3.0.1

bbrunolemos committed 6 years ago
Verified
360c4d0ccd9ab84db0b9b26ec45a04dfb1f35326

Fix invalid empty origin on postMessage

bbrunolemos committed 6 years ago
Verified
1b7e9304d57d5ec188ca6e1cc12a42802e5806a0

Fix duplicated ? on query string

bbrunolemos committed 6 years ago
Verified
1c20a04885a3c4158cda94995f61919a0cf1cf06

Upgrade to Now v2

bbrunolemos committed 6 years ago
Unverified
caf6095ab09df4a23a030aa7ff6dc4491c94faf0

v2.0.1

bbrunolemos committed 8 years ago
Unverified
0cf988d5b3a6dfa8aefcda4a4b7205e19d6b1a97

Small fix (popup was not closing on production)

bbrunolemos committed 8 years ago

README

The README file for this repository.

micro-oauth

A tiny microservice that makes it easier to add OAuth authentication to your application. This supports any provider that follows the OAuth2 protocol, like GitHub and Instagram.

Usage

Clone this repo

Clone the repo:

git clone git@github.com:brunolemos/micro-oauth.git

Enviroment variables

Edit the env field inside now.json. Example:

{
  // The provider you are authenticating on
  "PROVIDER": "GitHub",
  // or Instagram, ...

  // The provider authorize url (to request permissions from the user)
  "AUTHORIZE_URL": "https://github.com/login/oauth/authorize",
  // or https://www.instagram.com/oauth/authorize, ...

  // The URL to redirect the user to once the authentication was successful
  // PS: You can also pass this as a ?callback_url parameter on AUTHORIZE_URL env variable above
  "CALLBACK_URL": "myapp://oauth/github",
  // or http://localhost:1234/my/oauth/callback/xxx, ...

  // Your application client id
  "CLIENT_ID": "abc123",

  // Your application client secret
  "CLIENT_SECRET": "abc123",

  // Provider's url to get the access token
  "GET_TOKEN_URL": "https://github.com/login/oauth/access_token"
  // or https://api.instagram.com/oauth/access_token, ...
}

Create an application on the provider website (e.g. GitHub, Instagram, ...) to get your CLIENT_ID and CLIENT_SECRET if you haven't done that already.

Deploy

now

More details

To request people authorization, you need to send them to http://localhost:3000/ or the url generated by now.

You can pass a ?scope= query param to set the permissions you request from the user, check the provider docs (GitHub, Instagram, ...) You can actually pass any other parameter and they will be passed to the callback as well

When authentication was successful, the user will be redirected to the CALLBACK_URL with the access_token query param set to the provider access token. You can then use that token to interact with the Provider API! (see: GitHub API, Instagram API, ...)

E.g. setting CALLBACK_URL=myapp://oauth/github will redirect them to myapp://oauth/github/?access_token=abc123. (where abc123 is the provided access token)

If you passed other parameters to AUTHORIZE_URL, e.g. http://xxx.com/?xxx=1, it will be passed to the callback url, e.g. http://callbackurl.com/?access_token=abc123&xxx=1

Finish setup

To make this work you have to set the authorization callback URL on the provider website to whatever URL now gave you:

Authorization callback URL: 'https://your-url.now.sh/callback'

or localhost for testing:

Authorization callback URL: 'http://localhost:3000/callback'

Error handling

In case an error happens on the server, the user will be redirected to the CALLBACK_URL with the error query param set to a relevant error message.

License

Copyright (c) 2018 Bruno Lemos & Maximilian Stoiber, licensed under the MIT license. See LICENSE.md for more information.