How to implement OAuth to my Nodejs/Sails.js app?

2
votes

I have a sails.js app that generates API to my client. In order to secure my API I need to implement OAuth2.0 to my sails app. I have started to follow this tutorial: https://www.npmjs.com/package/sails-generate-auth#requirements

But I get all kinds of diffrent errors when every time when I try to lift the server. I also dont understand to where i'm suppose to send my credentials to the server and get the access token. I'm fairly new to Sails.js and just got to know OAuth and I can't find a proper guide on how to implement OAuth.

How can I implement OAuth to my app? please have a detailed answer so that I can fully understand.

UPDATE:

ok so instead I started to follow this guide: https://www.bearfruit.org/2014/07/21/tutorial-easy-authentication-for-sails-js-apps/ and I think I got everything to work as it should(?) when I register an account it saves the data in the database as it should. The login also seems to work properly But I didn't understood how I can access the actuall data like the username and email address after the login redirects me to the homepage? I've tested the login on postman and when i log in I get a cookie. What am I suppose to do with it?

1
node.jsoauthoauth-2.0sails.js
Have a look at passport.js passportjs.org/guide/oauth - Richard Macarthy
1) In what file do I put the configuration code? 2) From where do I get the passport data like client ID and client Secret? - Matan Gubkin
The sails.js gitter room is also a great place to get support: gitter.im/balderdashy/sails - Travis Webb

1 Answers

1
votes

The AuthController generated by sails-generate-auth doesn't add the user details to the session by default so you should add it manually by adding the following line to the callback function in AuthController.js 

req.session.user = user;

This is how the callback looks like with the line:

callback: function (req, res) {
function tryAgain (err) {

  // Only certain error messages are returned via req.flash('error', someError)
  // because we shouldn't expose internal authorization errors to the user.
  // We do return a generic error and the original request body.
  var flashError = req.flash('error')[0];

  if (err && !flashError ) {
    req.flash('error', 'Error.Passport.Generic');
  } else if (flashError) {
    req.flash('error', flashError);
  }
  req.flash('form', req.body);

  // If an error was thrown, redirect the user to the
  // login, register or disconnect action initiator view.
  // These views should take care of rendering the error messages.
  var action = req.param('action');

  switch (action) {
    case 'register':
      res.redirect('/register');
      break;
    case 'disconnect':
      res.redirect('back');
      break;
    default:
      res.redirect('/login');
  }
}

passport.callback(req, res, function (err, user, challenges, statuses) {
  if (err || !user) {
    return tryAgain(challenges);
  }

  req.login(user, function (err) {
    if (err) {
      return tryAgain(err);
    }

    // Mark the session as authenticated to work with default Sails sessionAuth.js policy
    req.session.authenticated = true;

    req.session.user = user;

    // Upon successful login, send the user to the homepage were req.user
    // will be available.
    res.redirect('/');
  });
});

}

You can now use the user details in any of your controllers and views by referring to req.session.user for example twitter provides your user name so you can use req.session.user.username.