OAuth defines two types of clients—confidential clients and public clients.

Public clients are not able to store credentials securely and can only use grant types that do not use their client secret.

Confidential clients are applications that can be registered to an authorization server using credentials, a Client ID and a Client Secret, that can be secured without exposing it to a third party. They require a backend server to store the credentials. The client’s ability to securely store credentials determines which type of OAuth authorization flows should be used.

We’ll be implementing the Client Credentials flow to obtain an access token for authentication. When a developer registers a client in an OAuth application, they’ll need a Client ID, a public identifier for apps that is unique across all clients and the authorization server. A Client Secret is a secret key known only to the application and an authorization server.

OAuth 2.0 is flexible in which databases to use, and the oauth2-server package implicitly allows the including Postgres, MongoDB, and Redis. For our example application, we use an in-memory database defined in db.js. Inside db.js, we use modules.exports to create a module to hold our confidential client credentials and access tokens.

We can register an application to the list of confidentialClients in db.js. Inside the module.exports object, we create an attribute named confidentialClients and set it equal to an array. Within the array we an object with the clientId and clientSecret, and provide a client_credentials grant type in an array like this:

module.exports = { confidentialClients: [{ clientId: 'secretapplication', clientSecret: 'topsecret', grants: [ 'client_credentials' ] }] }

In our database, we’ll also need to create a location to eventually store our access tokens. Within the module.exports object, we create another property named tokens and give it the value of an empty array.

module.exports = { // Confidential Clients Settings tokens: [] }

In the workspace to the right there is a sample database file named, sample_database.js.



Inside module.exports in db.js, add a property named confidentialClients and set its value to an empty array. Then add a new client to the confidentialClients array with clientId of 'codecademy'.


In the object we just created inside the array for the confidentialClients key, add the clientSecret key with the value '[email protected]'.


Inside the object that we created, add a new key named the grant. Set its value to an array with a single element, client_credentials.


Inside module.exports, and outside of the confidentialClients key, create a new property named `tokens’ and set it to an empty array.


Inside model.js import db.js into a let variable named db using the require() function at the top of model.js.

Take this course for free

Mini Info Outline Icon
By signing up for Codecademy, you agree to Codecademy's Terms of Service & Privacy Policy.
Already have an account?