I am building a Node.js application where I want the users to be able to signup with their twitter credentials rather than remembering another set of username/pasword. My framework of choice is Expressjs, so I’ll quickly show you how to authenticate the user with twitter’s oauth service in it.
Setup a Twitter Application
You need to register your application with twitter which basically requires you to create an application here. It is very easy.
Note: Although specifying the Callback URL is optional as you can set that dynamically in your code, do specify some URL there else later when you try to get OAuth tokens from twitter it’s going to end up sending such errors –
[text]
Desktop applications only support the oauth_callback value ‘oob’
[/text]
After setting up the application note the Consumer Key, Consumer Secret and the token URLs as they’ll be required in the code in order to communicate with Twitter.
Let’s get to code now!
Install node-oauth module
We’ll use the node-oauth module, hence lets install it via NPM.
[bash]
$ npm install oauth
[/bash]
ExpressJS Coding
Time to start coding the implementation using expressjs. We start off by constructing our OAuth Client.
[javascript]
var OAuth = require(‘oauth’).OAuth
, oauth = new OAuth(
"https://api.twitter.com/oauth/request_token",
"https://api.twitter.com/oauth/access_token",
"your_twitter_consumer_key",
"your_twitter_consumer_secret",
"1.0",
"http://yoursite.com/auth/twitter/callback",
"HMAC-SHA1"
);
[/javascript]
Note: 1.0 respresents the OAuth version in use, not the Twitter API version. 1.0 or 1.0A both works fine as the provided string there. This module will work fine with Twitter API 1.1.
Next we define a route that’s going to be linked by your “Sign in with Twitter” link. This route will query twitter to get a random OAuth request token and redirect the User to Twitter where he’ll be shown your app’s information and asked to login (which will redirect him to your site) or cancel the process.
[javascript]
app.get(‘/auth/twitter’, function(req, res) {
oauth.getOAuthRequestToken(function(error, oauth_token, oauth_token_secret, results) {
if (error) {
console.log(error);
res.send("Authentication Failed!");
}
else {
req.session.oauth = {
token: oauth_token,
token_secret: oauth_token_secret
};
console.log(req.session.oauth);
res.redirect(‘https://twitter.com/oauth/authenticate?oauth_token=’+oauth_token)
}
});
});
[/javascript]
Finally we’ll define the route that’ll be executed when Twitter is done authenticating and redirects the User to your site. This route is the same as the callback URL that we specified while creating the OAuth client few moments ago.
[javascript]
app.get(‘/auth/twitter/callback’, function(req, res, next) {
if (req.session.oauth) {
req.session.oauth.verifier = req.query.oauth_verifier;
var oauth_data = req.session.oauth;
oauth.getOAuthAccessToken(
oauth_data.token,
oauth_data.token_secret,
oauth_data.verifier,
function(error, oauth_access_token, oauth_access_token_secret, results) {
if (error) {
console.log(error);
res.send("Authentication Failure!");
}
else {
req.session.oauth.access_token = oauth_access_token;
req.session.oauth.access_token_secret = oauth_access_token_secret;
console.log(results, req.session.oauth);
res.send("Authentication Successful");
// res.redirect(‘/’); // You might actually want to redirect!
}
}
);
}
else {
res.redirect(‘/login’); // Redirect to login page
}
});
[/javascript]
After the redirect to make sure it’s an authenticated user, we have to make another query to Twitter (the module does that anyway) with the token, token_secret and the oauth_verifier data to get access tokens. These access tokens can be used later by your application to make authorized calls to Twitter’s API on behalf of the user.
We’re done here! Now you just use express sessions to remember the authenticated user and let him use all the login-protected areas of your site.
More Examples
If you’re looking for some more examples of using OAuth to do stuffs like tweeting/retweeting, finding followers/followings, etc. then the module’s Wiki has few code samples to achieve them. Not only that, it also shows how to use Google’s OAuth services!
