Instantly share code, notes, and snippets.

What would you like to do?
Demo for Passport.js authentication in a Node.js Express application
"name": "securehelloworld",
"version": "1.0.0",
"description": "",
"main": "server.js",
"scripts": {
"test": "echo \"Error: no test specified\" && exit 1"
"author": "",
"license": "ISC",
"dependencies": {
"express": "^4.13.3",
"express-session": "^1.11.3",
"passport": "^0.3.0",
"passport-github": "^1.0.0"
var express = require('express');
var app = express();
var passport = require('passport');
var GithubStrategy = require('passport-github').Strategy;
passport.use(new GithubStrategy({
clientSecret: "YOUR CLIENT SECRET",
callbackURL: "http://localhost:30000/auth/github/callback"
function(accessToken, refreshToken, profile, done) {
// placeholder for translating profile into your own custom user object.
// for now we will just use the profile object returned by GitHub
return done(null, profile);
// Express and Passport Session
var session = require('express-session');
app.use(session({secret: "enter custom sessions secret here"}));
passport.serializeUser(function(user, done) {
// placeholder for custom user serialization
// null is for errors
done(null, user);
passport.deserializeUser(function(user, done) {
// placeholder for custom user deserialization.
// maybe you are getoing to get the user from mongo by id?
// null is for errors
done(null, user);
// we will call this to start the GitHub Login process
app.get('/auth/github', passport.authenticate('github'));
// GitHub will call this URL
passport.authenticate('github', { failureRedirect: '/' }),
function(req, res) {
app.get('/', function (req, res) {
var html = "<ul>\
<li><a href='/auth/github'>GitHub</a></li>\
<li><a href='/logout'>logout</a></li>\
// dump the user for debugging
if (req.isAuthenticated()) {
html += "<p>authenticated as user:</p>"
html += "<pre>" + JSON.stringify(req.user, null, 4) + "</pre>";
app.get('/logout', function(req, res){
console.log('logging out');
// Simple route middleware to ensure user is authenticated.
// Use this route middleware on any resource that needs to be protected. If
// the request is authenticated (typically via a persistent login session),
// the request will proceed. Otherwise, the user will be redirected to the
// login page.
function ensureAuthenticated(req, res, next) {
if (req.isAuthenticated()) { return next(); }
app.get('/protected', ensureAuthenticated, function(req, res) {
res.send("acess granted");
var server = app.listen(30000, function () {
console.log('Example app listening at http://%s:%s',
server.address().address, server.address().port);

This comment has been minimized.

binario200 commented Jun 6, 2016

I'm stuck at : http://localhost:30000/auth/github/callback?code=202dcb8b5e10d8556e81

InternalOAuthError: Failed to obtain access token
at Strategy.OAuth2Strategy._createOAuthError (/home/loko/DevOps/forked/my-node-github/node_modules/passport-oauth2/lib/strategy.js:370:17)
at /home/loko/DevOps/forked/my-node-github/node_modules/passport-oauth2/lib/strategy.js:166:45
at /home/loko/DevOps/forked/my-node-github/node_modules/passport-github/lib/strategy.js:75:25
at /home/loko/DevOps/forked/my-node-github/node_modules/oauth/lib/oauth2.js:177:18
at ClientRequest. (/home/loko/DevOps/forked/my-node-github/node_modules/oauth/lib/oauth2.js:148:5)
at emitOne (events.js:96:13)
at ClientRequest.emit (events.js:188:7)
at TLSSocket.socketErrorListener (_http_client.js:306:9)
at emitOne (events.js:96:13)
at TLSSocket.emit (events.js:188:7)


This comment has been minimized.

pallavidhan commented Dec 20, 2017

could you solve the issue? i am getting the same error

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment