I am attempting to build a RESTful Web API for my application. I want to know how I can use OAuth to authenticate clients. These clients will be Single Page Applications (SPAs) or thick clients. Below is how I'd like the user experience to be:

  1. Users access a web-application
  2. The landing page provides a button to log in via (Facebook, Yammer, etc.)
  3. The user logs in with the external OAuth provider
  4. The OAuth provider redirects him to the return URL
  5. The page loads and makes API calls to my web API

So, a couple of questions:

  1. What mechanisms do I use to register different clients?
  2. How does the SPA web application hold onto the access token issued by the OAuth provider?
  3. How does my web API use the access token provided to the SPA web application and identify the user's details?

P.S. I am planning to use Node.js and Express with Mongoose to build the Web API.

1 Answer

You can use Passport to get users to authorize a service (Facebook, Twitter, etc.) so that your web app can access their user profile.

This answer has more information on where to store the OAuth token.
