Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

express-authenticators

Package Overview
Dependencies
Maintainers
1
Versions
31
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

express-authenticators

Third party authenticators in nodejs. Support various providers. Almost zero dependencies.

  • 1.0.0
  • latest
  • Source
  • npm
  • Socket score

Version published
Maintainers
1
Created
Source

Express Authenticators Build Status

NPM

Modern OAuth/OAuth2 authenticator.

Features

  • Pre-configured for popular providers: Apple, Google, Facebook, Foursquare, Github, Twitter, LinkedIn, LINE, Pinterest, Tumblr, Instagram.
  • Pre-configured for popular scopes: email, profile, etc. with account fetching for basic user information.
  • OAuth/OAuth2 utilities are available for customizing new providers.
  • The only dependencies are r3986 and jws (jws is required for Google and Apple token check).
  • Strongly typed with TypeScript.
  • Support PKCE(Proof Key for Code Exchange).
  • Generic and pure interface. Do not depend on any framework.

Usage

  • With yarn: yarn add express-authenticators.
  • With npm: npm install --save express-authenticators.

Requirement

  • fetch polyfilled.
  • NodeJS >= v14.17.0 (to use randomUUID()).

Exported APIs

export {
	getGoogleConsentUrl, getGoogleAccessToken, fetchGoogleProfile, refreshGoogleAccessToken, verifyGoogleIdToken,
	getFacebookConsentUrl, getFacebookAccessToken, fetchFacebookProfile,
	getAppleConsentUrl, getAppleToken, generateAppleClientSecret, verifyAppleIdToken, revokeAppleToken,
	getGithubConsentUrl, getGithubAccessToken, fetchGithubProfile,
	getFoursquareConsentUrl, getFoursquareAccessToken, fetchFoursquareProfile,
	getInstagramConsentUrl, getInstagramAccessToken, fetchInstagramProfile,
	getLineConsentUrl, getLineAccessToken, fetchLineProfile, refreshLineAccessToken,
	getLinkedInConsentUrl, getLinkedInAccessToken, fetchLinkedInProfile,
	getTwitterConsentUrl, getTwitterAccessToken, fetchTwitterProfile,
	getTumblrConsentUrl, getTumblrAccessToken, fetchTumblrProfile,
	getZaloConsentUrl, getZaloAccessToken, fetchZaloProfile, refreshZaloAccessToken,
	getPinterestConsentUrl, getPinterestAccessToken, fetchPinterestProfile,
	getConsentUrl, getAccessToken,
	getOauth1ConsentUrl, getOAuth1AccessToken, oauth1SignAndFetch,
}

Sample Usage

import {
	getGoogleConsentUrl, getGoogleAccessToken, fetchGoogleProfile, refreshGoogleAccessToken, verifyGoogleIdToken,
} from 'express-authenticators'
import express from 'express'
import session from 'express-session'

const app = express()
app.use(session())

app.get(
	'/auth/google',
	async (req, res, next) => {
		req.session.someInfo = 'my info' // store the user credential
		try {
			const {url, state} = await getGoogleConsentUrl({
        clientID: 'your client id',
        redirectUri: 'https://your-host.com/auth/google/callback',
      })
			req.session.oauthGoogle = JSON.stringify(state)
			res.redirect(302, url)
		} catch (e) {
			next(e)
		}
	}
)
app.get( // for AppleAuthenticator, must use POST method instead
	'/auth/google/callback',
	async (req, res, next) => {
		try {
			const {access_token} = await getGoogleAccessToken(
        {
          clientID: 'your client id',
          clientSecret: 'your client secret',
          redirectUri: 'https://your-host.com/auth/google/callback',
        },
				JSON.parse(req.session.oauthGoogle),
        Object.fromEntries(new URLSearchParams(new URL(`https://example.com${req.url}`).search)) // for AppleAuthenticator, use req.body instead
			)
			const profile = await fetchGoogleProfile(access_token)
			console.log('got profile', profile)
			res.send(JSON.stringify(profile))
		} catch (e) {
			next(e)
		}
	}
)

Profile interface

All fetch profile APIs return the same interface:

interface OAuthProfile {
	id?: string
	email?: string
	emailVerified?: boolean
	first?: string
	last?: string
	avatar?: string
	raw: any
}

Where raw is the raw JSON-parsed data returned from the provider. Other fields are calculated carefully based on the data returned from each provider.

Keywords

FAQs

Package last updated on 18 Apr 2024

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc