NodeJS - Execute an authorization grant

to.charlie.nash · May 30, 2018, 7:40pm

Question:
I the doc, section titled “Execute an authorization grant flow”, the first step is to get the User’s Authorization.
The doc, states “To begin an Authorization Code flow, your web application should first send the user to the authorization URL: etc”.
My appologies if this question is a basic nodejs development related one, but how do you do that in nodejs? Are we talking to make a http POST request to the URL?

Thanks!
Charlie

luis.rudge · May 30, 2018, 8:07pm

DId you try our nodejs quick starts? Auth0 Express SDK Quickstarts: Login

to.charlie.nash · May 30, 2018, 8:40pm

Yes, I reviewed and tested the code you referenced. But this code doesn’t execute an authorization grant flow, as per my initial question.
C-

sgmeyer · May 30, 2018, 8:55pm

This quick start uses express + passport.js to initiate this flow. That code is well encapsulated. This is the exact line that does this with middleware:

github.com

auth0-samples/auth0-nodejs-webapp-sample/blob/master/01-Login/routes/index.js#L17-L23


      
          var express = require('express');
          var router = express.Router();
          
          
/* GET home page. */
          router.get('/', function (req, res, next) {
            res.render('index', { title: 'Auth0 Webapp sample Nodejs' });
          });
          
          
module.exports = router;

This is how it works. When the server is spun up it configures passport.js with the passport-auth0 strategy. When calling the login endpoint it checks the session for a valid/authenticated user. If one doesn’t exist that endpoint will redirect the user to the /authorize endpoint to trigger Authorization Code Flow.

Then after the user successfully logs in Auth0 will redirect the user back to here:

github.com

auth0-samples/auth0-nodejs-webapp-sample/blob/master/01-Login/routes/index.js#L33-L40


      
          var express = require('express');
          var router = express.Router();
          
          
/* GET home page. */
          router.get('/', function (req, res, next) {
            res.render('index', { title: 'Auth0 Webapp sample Nodejs' });
          });
          
          
module.exports = router;

This also uses passport.js middle ware to do the code exchange. It is actually using the auth0 strategy as well to do the state validation and code exchange. You can see how passport and the auth0 strategy are configured here:

github.com

auth0-samples/auth0-nodejs-webapp-sample/blob/master/01-Login/app.js#L19-L44


      
            {
              domain: process.env.AUTH0_DOMAIN,
              clientID: process.env.AUTH0_CLIENT_ID,
              clientSecret: process.env.AUTH0_CLIENT_SECRET,
              callbackURL:
                process.env.AUTH0_CALLBACK_URL || 'http://localhost:3000/callback'
            },
            function (accessToken, refreshToken, extraParams, profile, done) {
              // accessToken is the token to call Auth0 API (not needed in the most cases)
              // extraParams.id_token has the JSON Web Token
              // profile has all the information from the user
              return done(null, profile);
            }
          );
          
          
passport.use(strategy);
          
          
// You can use this section to keep a smaller payload
          passport.serializeUser(function (user, done) {
            done(null, user);

This file has been truncated. show original

luis.rudge · May 30, 2018, 8:56pm

Yes, it does.
This part, actually says that you should redirect your user to the /authorization endpoint, which is what our quick start does here.