Skip to content

Simple and unobtrusive authentication for third-party OAuth2 providers

Notifications You must be signed in to change notification settings

pitops/passgate

Repository files navigation

Passgate

Passgate

Status GitHub Issues GitHub Pull Requests License

💡 Easy third-party authentication middleware for express

📝 Table of Contents

🧐 About

Passgate is yet another OAuth2 library heavily inspired from passport with the subtle difference of having everything configured in one place.

The purpose of passgate is to provide a simple and easy unobtrusive way of authenticating with third party OAUTH2 providers. Right now, it only works with Google OAuth2 but it will be expanded in the near future.

🏁 Getting Started

In general, Passgate is a middleware that gets passed a config object and thats it. It will do the dirty work for you.

Step 1

First install the npm package

npm i passgate

Step 2

Create a file named google.js and import the following.

const GoogleStrategy = {
  google: {
    clientID: 'GOOGLE_CLIENT_ID',
    clientSecret: 'GOOGLE_CLIENT_SECRET',
    authPath: '/auth/google',
    callbackPath: '/auth/google/callback',
    revokePath: '/auth/google/revoke',
    callbackURL: `${LOCALHOST_URL}/auth/google/callback`,
    scope: ['https://www.googleapis.com/auth/youtube'],
    access_type: 'offline',
    successRedirect: '/',
    failureRedirect: '/login',
    eventCallbacks: {
      onAuthSuccess,
      onTokensRefresh,
      onAccessRevoke
    }
  }
}

function onAuthSuccess(
  {accessToken, refreshToken, tokenExpiryDate, profile},
  done
) {
  console.log({accessToken, refreshToken, tokenExpiryDate, profile})
  // do DB stuff
  done() // this must be called after you finish with DB stuff
}

function onTokensRefresh({access_token, refresh_token, expiry_date}) {
  console.log({access_token, refresh_token, expiry_date})
}

function onAccessRevoke(done) {
  // do database level stuff

  done('INSERT REFRESH TOKEN') // here pass the actual refreshToken from your db
}

module.exports = GoogleStrategy

The above code can be called a Strategy. In this case for Google. As you can see everything is in once place for authenticating and de-authenticating with Google.

Make sure you get your CLIENT_ID and CLIENT_SECRET from Google dev console

Step 3

// server.js

const express = require('express')
const passgate = require('passgate')

const GoogleStrategy = require('./google')

const app = express()
const port = process.env.PORT || 3000

passgate.init(GoogleStrategy)

app.use(passgate)

app.get('/', async (req, res) => {
  res.send('Hello world')
})

app.listen(port, () => console.log(`App running on ${port}!`))

Prerequisites

Right now Passgate only works with Express so make sure your project supports that.

TODO

  • Add Google OAUTH
  • Add Facebook OAUTH
  • Add Github OAUTH

✍️ Authors

Acknowledgements

Icon by Dryicons

About

Simple and unobtrusive authentication for third-party OAuth2 providers

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published