v 1.0.0
The main goal of this small app is to help understand and troubleshoot the OAuth 2.0 flow. It was made with NetSuite ERP as the client provider of the integration details. This version shows how to get the Access Token, which is used to authenticate Restlets or REST Web Services. For the time being, the app is intended to be run locally.
The current version of this app requires the following dependencies:
- express
- ejs
- dotenv
- axios
Please refer to package.json.
It should be a standard installation using npm install after downloading the code.
Note that the Redirect URI must use the https protocol. This is mandatory. Because the app only runs locally, SSL has to be configured.
A cert.pem file and a key.pem file are required. I used OpenSSL to achieve this.
A config.env file needs to be added relative to app.js. As the app runs locally, it should have a config.env file that looks like:
Add the Client ID and Secret, and replace the ACCOUNT ID in both URLs with the respective values.
Step 1:
There are 5 mandatory parameters for reaching the client's endpoint. Enter the Client ID, the State and the Redirect URI, and select one or both of Restlets and REST Web Services for the Scope. The Response Type is always 'code', so there is no need to enter it.
After clicking Authorize, the user is redirected to the consent screen. After access is authorized, there is another redirect back to the app. This redirect carries the Code parameter provided by the client, which is needed for the next step.
Step 2:
Getting the Token requires the Code. The app enters it automatically (the Code value is taken from the URL parameters). The Redirect URI is saved locally and passed from Step 1 to Step 2. The Grant Type is always Authorization Code for this step. Click Get Token. The Access Token is returned at the bottom of the page under the Token Result section.
Refresh Token (Step 3):
Here the currently issued Token can be refreshed if necessary. Only 2 parameters are needed: the Grant Type and the Refresh Token returned from Step 2. The Grant Type always needs to be Refresh Token.
Revoke Token (Step 4):
The value of the token parameter is the value of the refresh token that the application revokes. This is the Refresh Token value returned from either Step 2 or Step 3.
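The requests from Step 1 and Step 2, as an added example that is not the app's own code. The authorize URL passed in, the scope values restlets and rest_webservices, and all function names are assumptions; checking the State on the redirect back is an addition that the steps above do not describe.

```javascript
// Added example, not the app's own code. Function names and scope values are assumptions.
const { randomBytes, timingSafeEqual } = require('node:crypto');

const ALLOWED_SCOPES = ['restlets', 'rest_webservices']; // assumed scope values

// Step 1: a fresh, unguessable State for every authorization request.
const newState = () => randomBytes(32).toString('base64url');

// A checkbox group arrives as undefined (none), a string (one) or an array (both).
function parseScopes(formValue) {
  const scopes = [].concat(formValue ?? []);
  if (scopes.length === 0) throw new Error('select at least one scope');
  for (const s of scopes) {
    if (!ALLOWED_SCOPES.includes(s)) throw new Error(`unknown scope: ${s}`);
  }
  return scopes;
}

function buildAuthorizeUrl(authorizeUrl, { clientId, redirectUri, scope, state }) {
  if (new URL(redirectUri).protocol !== 'https:') throw new Error('redirect URI must use https');
  const url = new URL(authorizeUrl);
  url.search = new URLSearchParams({
    response_type: 'code', // always 'code' in this flow
    client_id: clientId,
    redirect_uri: redirectUri,
    scope: parseScopes(scope).join(' '),
    state,
  }).toString();
  return url.toString();
}

// Redirect back to the app: accept the Code only if the State matches the one sent in Step 1.
function codeFromCallback(query, expectedState) {
  const got = Buffer.from(String(query.state ?? ''));
  const want = Buffer.from(expectedState);
  if (got.length !== want.length || !timingSafeEqual(got, want)) throw new Error('state mismatch');
  if (!query.code) throw new Error('no code in callback');
  return query.code;
}

// Step 2: Basic Auth header (Client ID and Secret) plus the form body for the token request.
function tokenRequest({ clientId, clientSecret, code, redirectUri }) {
  const basic = Buffer.from(`${clientId}:${clientSecret}`).toString('base64');
  return {
    headers: { Authorization: `Basic ${basic}`, 'Content-Type': 'application/x-www-form-urlencoded' },
    body: new URLSearchParams({ grant_type: 'authorization_code', code, redirect_uri: redirectUri }).toString(),
  };
}
```

The object returned by tokenRequest can be passed to axios.post together with the token URL from config.env.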
- UI
  - Simple;
  - Improve the forms;
  - Add Refresh Token option;
  - Add Revoke Token option;
  - ...
- NodeJS Code
  - Structure the Routes;
  - Create an option/function to automatically generate a new state;
  - Create a function for the Error handling;
  - Create a function to separate the Checkbox values returned by the form;
  - Function to deal with the Basic Auth
  - ...
- Client JS
  - ...
- Problems
  - On Step 1, it should be possible to select one or both checkboxes. None should not be possible. If none are selected this will break the flow;
  - On Step 2, one checkbox needs to be mandatory. None or both should not be possible, so I'll use Radio Buttons instead;
  - There are several, I bet. Work in progress...
No issues to report yet.
