Key Concepts

Review core concepts you need to learn to master this subject

OAuth 2.0

OAuth 2.0 is the current industry standard for authorization. It allows third parties to access information across websites without needing the credentials for each website.

OAuth 2.0 in Express
Lesson 1 of 1
  1. OAuth is an authorization framework that provides specific authorization flows which allow unrelated servers to access authenticated resources without sharing any passwords. It works by allowing …
  2. Throughout this lesson, we’ll implement an OAuth application using Node.js. In the workspace to the right, there is a simple website built using Express fra…
  3. OAuth describes a protocol for authentication, and there are many open-source and commercial libraries for various programming languages to help implement it. We will use…
  4. Inside app.js, where we have included the oauth2-server package, we’ll create an instance of the OAuth2Server object a…
  5. OAuth defines two types of clients—confidential clients and public clients. Public clients are not able to st…
  6. OAuth2Server requires certain functions implemented in the model regardless of the authorization flow used. The getClient() function is an example of a required model function for all flows. The fu…
  7. The saveToken() function must be implemented for all grant types in the model used by OAuth2Se…
  8. Certain grant types have specific functions that must be implemented for them to work. The Client Credentials grant type must have the [ getUserFromClient() function](https://oauth2-server.readthed…
  9. Now that our model functions for generating and saving access tokens are implemented in model.js, we need to create a callback function to handle obtaining the access token whenever a URL is re…
  10. Now that we’ve written the code to obtain an access token, we can use it to restrict access to content unless a user is authenticated with a valid access token. Inside model.js, we implement th…
  11. With the model function for checking access tokens implemented, let’s create a middleware function to handle authenticating access tokens inside our application. Inside app.js, we will create a…
  12. Great job! We’ve implemented the Client Credentials OAuth 2.0 flow in our application! The handling of access tokens is done with HTTP requests. We can make an HTTP POST request to the /auth route …
  13. Great job! You’ve written the OAuth application and tested the endpoints. Of course, in a typical application we wouldn’t be using cURL to obtain and use access tokens. In the project workspace on …

How you'll master it

Stress-test your knowledge with quizzes that help commit syntax to memory
