Skip to content

Instantly share code, notes, and snippets.

@odykyi
Forked from rhussmann/SignInWithTwitter.js
Created October 5, 2017 14:10
Show Gist options
  • Save odykyi/6a393c452fa36cff229efd784c328eb4 to your computer and use it in GitHub Desktop.
Save odykyi/6a393c452fa36cff229efd784c328eb4 to your computer and use it in GitHub Desktop.
Simple 'sign in with Twitter' implementation in node.js
var http = require('http'),
sys = require('sys'),
URL = require('url'),
querystring = require('querystring'),
OAuth = require('oauth').OAuth;
var oa = new OAuth('https://api.twitter.com/oauth/request_token',
'https://api.twitter.com/oauth/access_token',
'YOUR APP CONSUMER KEY HERE',
'YOUR APP CONSUMER SECRET HERE',
'1.0',
null,
'HMAC-SHA1');
var callbackUrl = '/YOUR TWITTER CALLBACK ENDPOINT HERE';
var global_secret_lookup = {};
http.createServer(function (req, res) {
var reqURL = URL.parse(req.url);
switch (reqURL['pathname']) {
case '/': // Default case, redirect to Twitter signin
console.log('Default URL');
oa.getOAuthRequestToken(function(error, oauth_token, oauth_token_secret, results){
if(error) {
console.log('error :' + sys.inspect(error));
var errResponse = 'Unable to retrieve request token';
res.writeHead(200, {'Content-Type': 'text/plain', 'Content-Length': errResponse.length});
res.end(errResponse);
}
else {
console.log('oauth_token: ' + oauth_token);
console.log('oauth_token_secret: ' + oauth_token_secret);
console.log('requestoken results: ' + sys.inspect(results));
// I'm sure there's a better way than storing in a single
// global variable (it's not threadsafe, but works for illustrations)
global_secret_lookup[oauth_token] = oauth_token_secret;
// NOTE: we use the AUTHENTICATE, not the AUTHORIZE URL here
var twitterAuthEndpoint = 'https://api.twitter.com/oauth/authenticate?oauth_token=' + oauth_token;
console.log('Redirecting to ' + twitterAuthEndpoint);
res.writeHead(301, {'Content-Type': 'text/plain', 'Location': twitterAuthEndpoint});
res.end('Redirecting...\n');
}
});
break;
case callbackUrl: // Callback URL case
console.log('Callback URL');
var parsedURL = URL.parse(req.url);
var parsedQuery = querystring.parse(parsedURL.query);
// If there's no oauth_token parameter then the user must have
// denied access. Bail.
if(typeof(parsedQuery['oauth_token']) === 'undefined') {
console.log('User failed to authorize access');
var accessDenied = 'Please grant access to continue...'
res.writeHead(200, {'Content-Type': 'text/plain', 'Content-Length': accessDenied.length});
res.end(accessDenied);
return;
}
var oauth_token = parsedQuery['oauth_token'];
// !IMPORTANT!
// Grab an access token. Twitter won't remember that the user authorized
// the application for authentication unless we grab an access token
oa.getOAuthAccessToken(oauth_token, global_secret_lookup[oauth_token], function(error, oauth_access_token, oauth_access_token_secret, results) {
console.log('Requested access token');
console.log('oauth_access_token: ' + oauth_access_token);
console.log('oauth_token_secret: ' + oauth_access_token_secret);
console.log('accesstoken results: ' + sys.inspect(results));
var stringifiedResults = JSON.stringify(results);
res.writeHead(200, {'Content-Type': 'text/plain', 'Content-Length': stringifiedResults.length});
res.end(stringifiedResults);
});
delete global_secret_lookup[oauth_token];
break;
}
}).listen(8888, '127.0.0.1');
console.log('Server running at http://127.0.0.1:8888/');
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment