Created
November 30, 2013 18:33
Bitbucket OAuth consumer example (nodejs w. passport)
var passport = require('passport'), | |
BitbucketStrategy = require('passport-bitbucket').Strategy, | |
request = require('request'); | |
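/**
 * Registers Bitbucket OAuth 1.0a sign-in (via passport) and the example
 * routes on an Express-style application.
 *
 * Routes added:
 *   GET /auth/bitbucket           - starts the OAuth flow
 *   GET /auth/bitbucket/callback  - completes the OAuth flow
 *   GET /api/login                - 401 if not signed in, else the session user
 *
 * @param {object} app - application object exposing `get(path, handler)`.
 */
module.exports = function (app) {
  // Consumer (application) credentials only. This object is shared by every
  // request, so nothing user-specific may ever be written onto it.
  var consumer = {
    consumer_key: process.env.BB_CONSUMER_KEY,
    consumer_secret: process.env.BB_CONSUMER_SECRET
  };

  // Per-user access tokens, keyed by username. The original kept the token
  // of the most recent sign-in on one shared `oauth` object, so with two
  // users signed in, API calls for the first were signed with the second
  // user's token. Object.create(null) keeps usernames such as "__proto__"
  // from colliding with inherited properties.
  // TODO: persist token and token_secret with the user record instead; this
  // in-memory table is lost on restart and is not shared between processes.
  // Treat both values as secrets: never log them or send them to the client.
  var tokensByUsername = Object.create(null);

  // The Bitbucket authentication strategy authenticates users using
  // a Bitbucket account and OAuth tokens.
  // The strategy requires a verify callback, which accepts these credentials
  // and calls done providing a user, as well as options specifying
  // a consumer key, consumer secret, and callback URL.
  passport.use(new BitbucketStrategy({
      consumerKey: consumer.consumer_key,
      consumerSecret: consumer.consumer_secret,
      // Development value; a deployed instance should use its public HTTPS URL.
      callbackURL: 'http://localhost:5000/auth/bitbucket/callback'
    },
    function (token, tokenSecret, profile, done) {
      var bitbucketUser = profile._json.user;
      // NOTE(review): the original elided the lookup criteria ("...");
      // keying on username is an assumption - adapt it to your User model.
      User.findOrCreate({ username: bitbucketUser.username }, function (err, user) {
        if (err) {
          // Propagate lookup failures instead of signing the user in anyway.
          return done(err);
        }
        tokensByUsername[user.username] = {
          token: token,
          token_secret: tokenSecret
        };
        done(null, user);
      });
    }
  ));

  // Only the username is stored in the session.
  passport.serializeUser(function (user, done) {
    done(null, user.username);
  });

  passport.deserializeUser(function (userId, done) {
    User.find(userId, function (err, user) {
      if (err) {
        return done(err);
      }
      // TODO: load the persisted oauth token and token_secret for this user.
      done(null, { username: userId });
    });
  });

  // Redirect the user to Bitbucket for authentication. When
  // complete, it will redirect the user back to the application at
  // /auth/bitbucket/callback
  app.get('/auth/bitbucket', passport.authenticate('bitbucket'));

  // The OAuth provider has redirected the user back to the application.
  // Finish the authentication process by attempting to obtain an access
  // token. If authorization was granted, the user will be logged in.
  // Otherwise, authentication has failed.
  app.get('/auth/bitbucket/callback',
    passport.authenticate('bitbucket', {
      successRedirect: '/',
      failureRedirect: '/login'
    }));

  // Our API to check if user is authenticated
  app.get('/api/login', function (req, res) {
    if (!req.isAuthenticated()) {
      res.send(401);
      return;
    }

    // Sign the Bitbucket call with the tokens of the user who owns this
    // session, never with whichever user signed in last.
    var tokens = tokensByUsername[req.user.username];
    if (tokens) {
      var oauth = {
        consumer_key: consumer.consumer_key,
        consumer_secret: consumer.consumer_secret,
        token: tokens.token,
        token_secret: tokens.token_secret
      };
      // Access secure resource
      request.get({ url: 'https://api.bitbucket.org/1.0/user/', oauth: oauth },
        function (err, apiRes, json) {
          // Demo output only: the body is the user's account data and
          // should not be written to production logs.
          console.log(err);
          console.log(json);
        });
    }

    res.send(req.user);
  });
};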
how will you deal with multiple auth providers? like twitter and linkedin on the same page
var oauth = {
consumer_key: process.env.BB_CONSUMER_KEY,
consumer_secret: process.env.BB_CONSUMER_SECRET
};