Modern OAuth/OAuth2 authenticator.
- Pre-configured for popular providers: Apple, Google, Facebook, Foursquare, Github, Twitter, LinkedIn, LINE, Pinterest, Tumblr, Instagram.
- Pre-configured for popular scopes: email, profile, etc. with account fetching for basic user information.
- OAuth/OAuth2 utilities are available for customizing new providers.
- The only dependencies are
r3986andjws(jwsis required for Google and Apple token check). - Strongly typed with TypeScript.
- Support PKCE(Proof Key for Code Exchange).
- Generic and pure interface. Do not depend on any framework.
- With
yarn:yarn add express-authenticators. - With
npm:npm install --save express-authenticators.
-
fetchpolyfilled. - NodeJS >= v14.17.0 (to use
randomUUID()).
export {
getGoogleConsentUrl, getGoogleAccessToken, fetchGoogleProfile, refreshGoogleAccessToken, verifyGoogleIdToken,
getFacebookConsentUrl, getFacebookAccessToken, fetchFacebookProfile,
getAppleConsentUrl, getAppleToken, generateAppleClientSecret, verifyAppleIdToken, revokeAppleToken,
getGithubConsentUrl, getGithubAccessToken, fetchGithubProfile,
getFoursquareConsentUrl, getFoursquareAccessToken, fetchFoursquareProfile,
getInstagramConsentUrl, getInstagramAccessToken, fetchInstagramProfile,
getLineConsentUrl, getLineAccessToken, fetchLineProfile, refreshLineAccessToken,
getLinkedInConsentUrl, getLinkedInAccessToken, fetchLinkedInProfile,
getTwitterConsentUrl, getTwitterAccessToken, fetchTwitterProfile,
getTumblrConsentUrl, getTumblrAccessToken, fetchTumblrProfile,
getZaloConsentUrl, getZaloAccessToken, fetchZaloProfile, refreshZaloAccessToken,
getPinterestConsentUrl, getPinterestAccessToken, fetchPinterestProfile,
getConsentUrl, getAccessToken,
getOauth1ConsentUrl, getOAuth1AccessToken, oauth1SignAndFetch,
}import {
getGoogleConsentUrl, getGoogleAccessToken, fetchGoogleProfile, refreshGoogleAccessToken, verifyGoogleIdToken,
} from 'express-authenticators'
import express from 'express'
import session from 'express-session'
const app = express()
app.use(session())
app.get(
'/auth/google',
async (req, res, next) => {
req.session.someInfo = 'my info' // store the user credential
try {
const {url, state} = await getGoogleConsentUrl({
clientID: 'your client id',
redirectUri: 'https://your-host.com/auth/google/callback',
})
req.session.oauthGoogle = JSON.stringify(state)
res.redirect(302, url)
} catch (e) {
next(e)
}
}
)
app.get( // for AppleAuthenticator, must use POST method instead
'/auth/google/callback',
async (req, res, next) => {
try {
const {access_token} = await getGoogleAccessToken(
{
clientID: 'your client id',
clientSecret: 'your client secret',
redirectUri: 'https://your-host.com/auth/google/callback',
},
JSON.parse(req.session.oauthGoogle),
Object.fromEntries(new URLSearchParams(new URL(`https://example.com${req.url}`).search)) // for AppleAuthenticator, use req.body instead
)
const profile = await fetchGoogleProfile(access_token)
console.log('got profile', profile)
res.send(JSON.stringify(profile))
} catch (e) {
next(e)
}
}
)All fetch profile APIs return the same interface:
interface OAuthProfile {
id?: string
email?: string
emailVerified?: boolean
first?: string
last?: string
avatar?: string
raw: any
}Where raw is the raw JSON-parsed data returned from the provider.
Other fields are calculated carefully based on the data returned from each provider.