Skip to content
Browse files

add passport doc

  • Loading branch information...
nguyenkims committed Aug 19, 2019
1 parent 8aee108 commit 1c1b3abcbacb603ba8d8faf01bcbae02e138f389
Showing with 125 additions and 0 deletions.
  1. +124 −0 content/docs/
  2. +1 −0 content/menu/
@@ -0,0 +1,124 @@
# Node.js - Passport

For Node.js application, we recommend [passport](, an authentication middleware for Node.js. Passport supports a comprehensive set of **strategies** including username/password login and social login (Facebook, Twitter, etc).

For SimpleLogin, you can use either [OAuth strategy]( or [OpenId Connect strategy]( In this guide, we will use the **OpenId Connect Strategy**. The code along with a step-by-step guide is also available on

## Preparation

First please install `passport`, `passport-openidconnect`, `express-session` (passport uses session to store its data)

npm install passport passport-openidconnect express-session --save

Then please store your SimpleLogin **AppID** and **AppSecret** somewhere, preferably in `env` variable as recommended in the [The Twelve Factors](

export CLIENT_ID={your_app_id}
export CLIENT_SECRET={your_app_secret}

Bootstrap the app:

var express = require('express');
// For Passport
var session = require('express-session');
var passport = require('passport');
var OidcStrategy = require('passport-openidconnect').Strategy;
var app = express();
// passportjs use session to store user info
secret: 'my-super-secret',
resave: false,
saveUninitialized: true
passport.serializeUser((user, next) => {
next(null, user);
passport.deserializeUser((obj, next) => {
next(null, obj);

## Config SimpleLogin OIDC Provider

Let's tell passport SimpleLogin OIDC (OpenID Connect) setting:

// config SimpleLogin OIDC (OpenID Connect) provider
passport.use('SimpleLogin', new OidcStrategy({
// SimpleLogin OIDC Settings
issuer: '',
authorizationURL: '',
tokenURL: '',
userInfoURL: '',
// SimpleLogin App Credential from env
clientID: process.env.CLIENT_ID,
clientSecret: process.env.CLIENT_SECRET,
// you might need to change the callbackURL when deploying on production
callbackURL: 'http://localhost:3000/callback',
// openid needs to be in scope
scope: 'openid'
}, (issuer, sub, profile, accessToken, refreshToken, done) => {
return done(null, profile);

## Login endpoint

When user clicks on **Login with SimpleLogin**, user gets redirected to the SimpleLogin authorization page. This is done using the `/login` endpoint. The nice thing about passport and its OpenID Connect strategy is it also takes care of generating a random `state` in the redirection URL. The `state` is necessary to defend against [CSRF attack](

// redirect user to authorization page
app.use('/login', passport.authenticate('SimpleLogin'));

## Callback endpoint

When user approves sharing data with your app, they get redirected back to the `redirect_uri` in the previous step. This route is handled by an endpoint that receives the `code` and exchanges for `access token`. The `access token` is then used to exchange for user info. Passport once again handles all these details nicely:

// user is redirected back
passport.authenticate('SimpleLogin', {
failureRedirect: '/error'
(req, res) => {
var user= req.user._json
Welcome ${}! <br>
Your email: ${} <br>
Avatar: <img src="${user.avatar_url}">

## Run the App and enjoy!

let's finish by adding this to the end:

app.listen(3000, () => console.log(`App listening`))

And run the app

node app.js

Now you should be able to login with SimpleLogin at http://localhost:3000/login

@@ -7,4 +7,5 @@ headless: true
- **Guides**
- [Flask]({{< relref "/docs/" >}})
- [Django]({{< relref "/docs/" >}})
- [Passport]({{< relref "/docs/" >}})

0 comments on commit 1c1b3ab

Please sign in to comment.
You can’t perform that action at this time.