OA.js is a client-side implementation of hybrid authentication with OAuth 2.0. This flow has significant functional and security advantages over a pure server-side or pure client-side flow: the browser only ever handles a one-time code, and the exchange of that code for an access token happens on your server. The following steps occur in this flow (see diagram below):
- The user clicks the sign-in button, and the authorization request is sent to the remote API server
- The OAuth 2.0 dialog is shown to the user
- On successful authentication a one-time-use code (and sometimes other data) is returned
- The client sends the code to your server
- Your server exchanges the one-time code for an access token
- The remote server returns the access token
- Your server confirms that the user is logged in, or returns the user as JSON
```javascript
OA.login('facebook', {
  clientId: 'your-client-id',
  redirectUri: '/auth/facebook/callback',
  scope: 'email'
}).then(function (response) {
  // user is authenticated; use response to sign in the user
});
```
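The server half of the flow (steps 5 to 8), as an added example that is not OA.js code: the handler, the function names and the in-memory provider stub are assumptions, and the stub stands in for the remote server so the example runs offline.

```javascript
// Token request body per RFC 6749 section 4.1.3. The client secret is used
// only here, on the server; the browser never holds more than the one-time code.
function buildTokenRequest(code, config) {
  return new URLSearchParams({
    grant_type: 'authorization_code',
    code: code,
    redirect_uri: config.redirectUri,
    client_id: config.clientId,
    client_secret: config.clientSecret
  }).toString();
}

// Handles the POST that OA.login sends to redirectUri: exchanges the code,
// fetches the user, and returns the user as JSON. The access token stays on
// the server and is never written into the response body.
function handleCallback(req, config, provider) {
  const code = req.body && req.body.code;
  if (!code) return { status: 400, body: { error: 'missing_code' } };
  const token = provider.exchange(buildTokenRequest(code, config));
  if (token.error) return { status: 401, body: { error: token.error } };
  const user = provider.fetchUser(token.access_token);
  return { status: 200, body: { user: user } };
}

// Constructed stand-in for the remote provider (hypothetical): each code is
// accepted exactly once, and only with the right client secret.
function makeStubProvider(validCodes, secret) {
  const codes = new Set(validCodes);
  const tokens = new Map();
  return {
    exchange: function (body) {
      const p = new URLSearchParams(body);
      if (p.get('client_secret') !== secret ||
          p.get('grant_type') !== 'authorization_code' ||
          !codes.delete(p.get('code'))) {
        return { error: 'invalid_grant' };
      }
      const accessToken = 'tok-' + p.get('code');
      tokens.set(accessToken, { id: '42', email: 'alice@example.test' });
      return { access_token: accessToken, token_type: 'bearer' };
    },
    fetchUser: function (accessToken) { return tokens.get(accessToken) || null; }
  };
}
```

Against a real provider the exchange and user lookup are HTTPS requests, so the handler would be async; the response shape is what the `OA.login` promise above receives.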