Networked Media Week 9

OAuth2

OAuth2 is a standard that allows 3rd party applications to access user information on a site by allowing a user to log in and thereby provide an authorization key.

For example, OAuth2 allows you to build an application (3rd party) which allows a user to login via Facebook and gives your application access to that user's information on Facebook such as who their friends are.

To support OAuth2, you build a web application which links to a special page on the web application that you want access to. On that web application, you specify a "callback" URL which that site redirects the user to after they have authenticated. In the process of this redirect the site will typically add a "token" to the query string which when used in future requests to that platform act with permissions of that user.

Each platform implements OAuth2 in their own unique way for this reason, while there are generic OAuth2 node modules it is often much easier to use node modules developed specifically for each platform.

Facebook Example

Let's try an example:

Facebook Developer App Settings to "Add a New App" https://developers.facebook.com/apps/

Make sure you put in the right "Site URL" and "App Domains" matching where you'll run the code.

Example Code:

// Facebook API module
// https://criso.github.io/fbgraph/
// npm install fbgraph
var graph = require('fbgraph');

// Facebook App: https://developers.facebook.com/apps/
var fb_appID = 'YOUR APP ID';
var fb_secret = 'YOU SECRET';

// All of the permissions that you want access to:
// https://developers.facebook.com/docs/facebook-login/permissions
var fb_scope = 'user_likes';

// More OAuth nonsense
// Don't forget to change "localhost" to your server
var loginRedirectUrl = "http://localhost:3000/loggedin";

// get FB authorization url
var authUrl = graph.getOauthUrl({
	"client_id": fb_appID
	, "redirect_uri": loginRedirectUrl
	, "scope": fb_scope
});

// Express 
var express = require('express');
var app = express();

app.listen(3000, function () {
  console.log('Server listening on port 3000!');
});

// OAuth2 Implementation - Redirect to FB login
app.get('/', function (req, res) {
	console.log("redirecting to: " + authUrl);
	res.redirect(authUrl);
});

// FB redirected here after successful login
app.get('/loggedin', function (req, res) {
	// Access Code from Facebook
	console.log("Access Code: " + req.query.code);
	
	// Now "hit" Facebook again with "code" to get "Access Token"
	// Using the graph.authorize function to do this
	graph.authorize({
		"client_id":      fb_appID
	  , "redirect_uri":   loginRedirectUrl
	  , "client_secret":  fb_secret
	  , "code":           req.query.code
	}, function (err, facebookRes) {

		if (err) console.log(err);
		
		// Got the access token			
		console.log("Access Token: " + facebookRes.access_token);
		graph.setAccessToken(facebookRes.access_token);

		// At this point it probably makes more sense to set the access token into a user session or the like so that the user doesn't have to authenticate every time and that we keep a different one for each user.

		// Do something like get all of the user's likes.  
//You can use any of the "Graph API" calls as long as you have permission: https://developers.facebook.com/docs/graph-api/reference/

		graph.get('/me/likes', function(err, likesRes) {
			console.log(likesRes);
			res.send(likesRes);
		});
		
	});	
});
Now visit http://YOUR_SERVER:3000/ to try it out.