Course info
Jul 8, 2015
2h 23m

Passport.js is a simple and easy-to-use package that will manage OAuth authentication for you using strategies. In this course, we will work through how to use Passport to sign in to a website with Google, Twitter, and Facebook. We will discuss combining multiple social media accounts into one user account stored in a MongoDB database. We will finish by using tokens to make authenticated API calls out to Twitter and Facebook.

About the author

Jonathan is a Pluralsight Author, Technology Advisor, and Business Leader. As a member of the Chief Digital Advisory team at World Wide Technology, Jonathan is able to leverage his unique experiences and skills to drive digital transformation for his clients. As a dedicated developer community leader, Jonathan serves on the board of directors for the Kansas City Developers Conference, is a Microsoft MVP, and is a regular speaker and keynote presenter at conferences around the globe.

Section Introduction Transcripts

Welcome to Securing Your Application with OAuth and Passport.js. I'm Jonathan Mills from Pluralsight. You see these everywhere, all over the internet. Sign in with Facebook or sign in with Google, sign in with Twitter. In this course, we're going to talk about how to make that happen. How to set your website up to hook into Google or Facebook or Twitter or GitHub and use those credentials to sign in to your website. Over the course of this course, we're going to talk, Social Media Integration. We're actually going to build a website that will pull data from all the different social media sites and display it in one place. As part of that, we'll talk about OAuth and what it is and how it works, and then we'll implement sign in with Google. We'll do the other ones as well, but we're going to start with sign in with Google. We'll use that profile data that comes back to build our own user, and then we'll start securing pages. We'll talk about how to use Passport to make some pages available to signed in users and some pages that are available to everybody. We'll also start retrieving data, so once we're signed in with Google, then we'll use the tokens that come back to actually go pull data back from those social media sites. Now, in this course, I'm going to assume a certain level of knowledge of node.js and express. So, I'm going to talk about some things with express and assume that you kind of know what we're talking about. If you don't, if you don't have experience with express or node.js, that's fine, kind of follow through, but you might start with an intro note or maybe my other course, my RESTful APIs with the node, that might get you started as well.

Sign in with Google
I'm Jonathan Mills and in this module we're going to start learning how to sign in with Google. Now we've started down the path of building out a social media integration website. And all we've gotten to so far is building out an express generated site. So, we've got some routes and some basic express set up. But that's all we've done so far. So the first thing we're going to do is install Passport and start working with the Passport middleware. Passport is built almost exclusively on middleware that's going to interrupt your express routes and act on them and either redirect people out to Google. Or take what it gets back from Google and start adding it to your request objects so that you can use it for authenticated pieces of information. We're going to look at the Google console. We'll go out to developer.google.com and we'll build an application out there and let Google know what levels of access we need and what pieces of data we need. And then Google will give us a token that we can use to authenticate users against their Google credentials. We'll use the Google OAuth strategy and that'll do a lot o' the work for us when it comes to actually logging somebody in with Google. And then we'll use that Google profile data to display username and maybe a picture up on our website.

Adding in More Providers
I'm Jonathan Mills and in this module, we're going to start adding in some more OAuth providers. So we're working through building on a social media integration website. We've already got part of it working, we've got Google integration done. So in this module, we're going to start off by talking a little bit about code structure. Right now, everything's in app.js and we don't want to keep it there. We want to start moving it around a little bit. So we'll talk about where to put that code and how to break it out into something that's meaningful to us. We're going to talk about how to use passport to secure a route. So we're going to create a user's route and we're going to make sure that a user's logged in before they can get to that route, and we'll talk about how to do that. We're going to start in on Twitter integration. We'll do the Login with Twitter piece. Very similar to how we did Login with Google, we'll do Login with Twitter. And then we're going to do Facebook integration, we'll talk about what makes Facebook and Twitter a little different than Google, and how to deal with those differences. So we'll get those two pieces working.

Calling OAuth Providers
I'm Jonathan Mills, and in this module we're going to start calling out to these other OAuth providers to pull data back using the token that we've gotten through our sign in process. So we're marching down this path of social media integration which means we're signing in with Google, Facebook and Twitter, and you've got the basics for how to sign in with just about any other social media platform out there that allows OAuth. Now in this module, we're going to start tying together those providers. Right now I can sign in with Google or I can sign in with Twitter. We're going to start by talking about how to have both a Google sign in and a Twitter sign in tied to the same user. We're going to start saving our user to MongoDB so that we can sign in with Google, save that to the database and then the next time we pull that user back up, we're pulling them out of the database. We're going to make calls out to the Twitter API and the Facebook API to start pulling data back using that token that we have, that Passport's handing back to us from the social media platform.