Podio application that uses Server Side-flow Authentication: 1. You redirect your user to Podio for authorization 2. Podio redirects back to your web app with an authorization code 3. You use the authorization code to obtain an access token 4. You use the access token for all API requests

app.js

var express = require('express');
var request = require('request');

var app = express();
app.use(express.static(__dirname + '/public'));
app.use(express.bodyParser());

var Podio = require("podio-api");
var clientId = "podio-app";
var clientSecret = ""; 

var podio = new Podio({ 
  client_id: clientId, 
  client_secret: clientSecret });


app.get('/login', function(req, res) {
  // Get the authorization code 
  // http://YOUR_URL?code=THE_AUTHORIZATION_CODE
  var url = "https://podio.com/oauth/authorize";
  var redirect = "http://localhost:3000/authorize";
  var path = url + "?client_id=" + clientId + "&redirect_uri=" + redirect; 
  res.redirect(path);
  

});

app.get('/authorize', function(req, res) {
  
  //grant_type=authorization_code&client_id=YOUR_APP_ID&redirect_uri=YOUR_URL&client_secret=YOUR_APP_SECRET&code=THE_AUTHORIZATION_CODE
  var url = "https://podio.com/oauth/token";
  console.log('authorize ....');
  console.log(req.query.code);
  var code = req.query.code;
  var grantType = "authorization_code";
  var redirect = "http://localhost:3000";
  
  request.post({
    url: url,
    form: {
      grant_type: grantType,
      client_id: clientId,
      redirect_uri: redirect,
      client_secret: clientSecret,
      code: code
      }
    }, function(error, response, body) {
          console.log(body);
          if (error) return console.log(error);
          res.send(body);
    });
               
              
});  // authorize