OAuth defines two types of clients — confidential clients and public clients.

  • Public clients are NOT able to store credentials securely and can only use grant types that do not use their client secret.

  • Confidential clients are applications that can be registered to an authorization server using credentials. Those credentials, a client ID and a client secret, can be secured without exposing them to a third party. They require a backend server to store the credentials. A client’s ability to securely store credentials determines which type of OAuth authorization flows should be used.

We’ll be implementing the Client Credentials flow to obtain an access token for authentication. When a developer registers a client in an OAuth application, they’ll need:

  • A Client ID: a public identifier for apps that is unique across all clients and the authorization server.
  • A Client Secret: a secret key known only to the application and the authorization server.

OAuth 2.0 is flexible in which databases to use, and the oauth2-server package implicitly allows Postgres, MongoDB, and Redis. For our example application, we use an in-memory database defined in db.js. Inside db.js, we use modules.exports to create a module to hold our confidential client credentials and access tokens.

We can register an application to the list of confidentialClients in db.js. Inside the module.exports object, we create an attribute named confidentialClients and set it equal to an array. Within the array, we create an object with the clientId and clientSecret, and specify 'client_credentials' in our array of grant types.

module.exports = { confidentialClients: [{ clientId: 'secretapplication', clientSecret: 'topsecret', grants: [ 'client_credentials' ] }] }

In our database, we’ll create a location to store access tokens. Within the module.exports object, we create another property named tokens and set it equal to an empty array.

module.exports = { // Confidential Clients Settings tokens: [] }

In the workspace to the right there is a sample database file named sample_database.js.



Inside module.exports in db.js, add a property named confidentialClients and set its value to an empty array.

Then, add a new client to the confidentialClients array with clientId of 'codecademy'.


Add the clientSecret key with the value '[email protected]'.


Add a new key named the grants.

Set it equal to an array with a single element: 'client_credentials'


Inside module.exports, and outside of the confidentialClients key, create a new property named tokens and set it equal to an empty array.


At the top of model.js import db.js.

Use a let variable named db, and use the require() function.

Take this course for free

Mini Info Outline Icon
By signing up for Codecademy, you agree to Codecademy's Terms of Service & Privacy Policy.

Or sign up using:

Already have an account?