node package manager



Middleware for express or connect that implements the authorization flow of oAuth. What you do with the authorization data is up to you.


Here is a working dropbox example

var oauthFlow = require('oauth-flow');
app.use('/auth/dropbox', oauthFlow({
    provider: {
        requestTokenUrl: "",
        authorizationUrl: "",
        accessTokenUrl: "",
        version: "1.0",
        type: "PLAINTEXT"
    user: {
        appKey: "APPKEY",
        appSecret: "APPSECRET"
}, function (req, res) {
    // req.oauth contains oauth_token, oauth_token_secret, oauth_access_token, 
    // and oauth_access_token_secret 

Alternatively you can omit the callback and in express do something like:

app.get('/auth/dropbox', oauthFlow({...}), function(req, res) {
    // req.oauth contains oauth_token, oauth_token_secret, oauth_access_token, 
    // and oauth_access_token_secret 

This middleware doesn't assume that you wish to use it for user authentication. Instead, it only implements the oAuth authorization flow by creating a single endpoint, for example, at:

  • /auth/dropbox

Point the user to /auth/dropbox when you want them to authorize to the app. You can add your own custom parameters to the url.

After the user authorizes your app, they will be redirected back to /auth/dropbox There, oauth-flow will put the authorization parameters in req.oauth then call your custom middleware. Custom parameters that were passed when you sent the user to /auth/dropbox/ will also be passed when returning.

What you do afterwards with the authorization data is entirely up to you. You may create a new user, authenticate a user, add their account or do something entirely different. You can redirect them to the original URL, or alternaively if you opened the authorization dialog in a new window, simply send a script to close the window - oauth-flow doesn't limit you to any particular use.


Look in tests for a working OAuth 2 example