![require(esm) Backported to Node.js 20, Paving the Way for ESM-Only Packages](https://cdn.sanity.io/images/cgdhsj6q/production/be8ab80c8efa5907bc341c6fefe9aa20d239d890-1600x1097.png?w=400&fit=max&auto=format)
Security News
require(esm) Backported to Node.js 20, Paving the Way for ESM-Only Packages
require(esm) backported to Node.js 20, easing the transition to ESM-only packages and reducing complexity for developers as Node 18 nears end-of-life.
mixdown-oauth
Advanced tools
OAuth library and mixdown plugin. Facilitates communication between browsers and OAuth providers. Wraps node-oauth and provides Google and Facebook flavors out of the box.
Install with npm install mixdown-oauth
.
Run tests with npm test
.
See a basic example site with node examples/example.js
.
Just require, configure and use.
Here's a simple example configured against Google.
var GoogleOAuth = require('mixdown-oauth').GoogleOAuth;
var oauth = new GoogleOAuth({
clientSecret: 'v75vSYduofxAu1nizreK4HUT', // your app's client secret
clientId: '527660584577.apps.googleusercontent.com', // your app's client id
callbackUrl: 'http://localhost:8080/oauth2callback' // callback URL from oauth provider
});
You can also configure against any provider which implements OAuth 2. The above could also be implemented as follows:
var OAuth = require('mixdown-oauth').OAuth;
var oauth = new OAuth({
clientSecret: 'v75vSYduofxAu1nizreK4HUT',
clientId: '527660584577.apps.googleusercontent.com',
callbackUrl: 'http://localhost:8080/oauth2callback',
authorizePath: 'https://accounts.google.com/o/oauth2/auth',
accessTokenPath: 'https://accounts.google.com/o/oauth2/token',
scope: 'openid profile'
});
Once initialized, you can generate an authentication URL. This will take you to the provider's login page where the user can grant permissions to your app.
var authUrl = oauth.getAuthUrl();
When they accept, they'll be redirected back to the callback URL you provided in the config. You need to listen to requests on that URL, but can pass them to the OAuth library to handle them.
var http = require('http');
var url = require('url');
http.createServer(function (req, req) {
var parsedUrl = url.parse(req.url, true);
if (parsedUrl.pathname === '/oauth2callback') {
// oauth response is passed back from the provider on the query, just pass that along
oauth.handleAuthCallback(parsedUrl.query, function (error, response) {
if (error) {
// something went wrong - possibly the login failed or the user rejected it.
res.writeHead(401, {'content-type': 'text/plain})
res.end(error.stack);
}
else {
/* logged in - you can use the session data to make calls against the oauth
* provider's API or use it to maintain a local session
*/
res.writeHead(200, {'content-type': 'application/json'});
res.end(JSON.stringify(response));
}
});
}
else {
// other stuff
}
}).listen(8080);
As a mixdown plugin, just point to any of the plugin exports as a module and include your options. Options are the same as the library, with the addition of a required provider
option, which indicates the attachment point under the OAuth namespace. This allows you to configure multiple OAuth providers or override them if necessary.
{
"plugins": {
"myOauthProvider": {
"module": "mixdown-oauth#Plugin",
"options": {
"provider": "google",
"clientSecret": "v75vSYduofxAu1nizreK4HUT",
"clientId": "527660584577.apps.googleusercontent.com",
"callbackUrl": "http://localhost:8080/oauth2callback",
"authorizePath": "https://accounts.google.com/o/oauth2/auth",
"accessTokenPath": "https://accounts.google.com/o/oauth2/token",
"scope": "openid profile"
}
},
}
}
The usual methods will be available on app.plugins.oauth.google
.
This should also work as a broadway plugin, but that is untested.
###OAuth(options)
Build a new OAuth instance against a provider.
options.clientId
client IDoptions.clientSecret
client secretoptions.authorizePath
authorization pathoptions.accessTokenPath
access token pathoptions.callbackUrl
callback URLoptions.scope
requested permissionsGet the authorization URL for the provider.
params
Optional, overrides for base options on this request. Currently only supports overriding options.scope
Used to parse the callback response upon login. Call this from your callback handler.
params
Generally, you should just pass the parsed query from the request to the callback URL as this parameter. See usage/examples.callback(error, response)
Callback function. error
if the authentication failed, otherwise the response data as an object (after passed through parseResponse
).This is an interface to inject modifications to the OAuth provider's response. Override this for custom logic and return the parsed results.
response
object returned from OAuth provider.This is an interface to get user profile information from the OAuth provider. If called without being overridden, it will throw an error. However, it is implemented on the Facebook and Google variants.
This should standardize the user's ID, first name, last name to id
, first_name
, last_name
and email
.
FAQs
OAuth libraries and plugins for mixdown/broadway
The npm package mixdown-oauth receives a total of 1 weekly downloads. As such, mixdown-oauth popularity was classified as not popular.
We found that mixdown-oauth demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
require(esm) backported to Node.js 20, easing the transition to ESM-only packages and reducing complexity for developers as Node 18 nears end-of-life.
Security News
PyPI now supports iOS and Android wheels, making it easier for Python developers to distribute mobile packages.
Security News
Create React App is officially deprecated due to React 19 issues and lack of maintenance—developers should switch to Vite or other modern alternatives.