OA.js is a client side implementation for hybrid authentication with OAuth 2.0. This authentication flow has significant functional and security advantages over pure server-side or pure client-side flow. The following steps occur in this flow (see diagram below):

1. User clicks on sign-in button. The authorization request is sent to Remote API Server
2. OAuth 2.0 Dialog is triggered for the user
3. On successful authentication one-time use code (and sometimes some other things) is returned
4. Client sends code to server (your local server)
5. Server exchanges one-time code for access-token
6. Remote server returns access-token
7. Server confirms that user is logged in or returns user as a JSON

OA.login('facebook', {
    clientId: 'your-client-id',
    redirectUri: '/auth/facebook/callback',
    scope: 'email'
}).then(function (response) { // user is authenticated
    // use response to sign in user
});