By Syed Rizwan

2-integrating-oauth-authentication-in-a-react-application-with-expressjs.html

Integrating OAuth Authentication in a React Application with Express.js

In today's digital landscape, ensuring secure authentication in web applications is paramount. OAuth has emerged as a powerful protocol for authorization, allowing users to grant third-party applications access to their information without exposing their passwords. In this guide, we will explore how to integrate OAuth authentication into a React application using an Express.js backend. By the end, you’ll have a robust authentication system that enhances your application’s security and user experience.

What is OAuth?

OAuth (Open Authorization) is an open standard for access delegation, commonly used for token-based authentication and authorization on the internet. It allows users to authorize applications to access their data without sharing their credentials. This is particularly useful for applications that need to access user information from platforms like Google, Facebook, or GitHub.

Use Cases for OAuth

  • Third-Party Integrations: Allow users to log in to your application using existing accounts from platforms like Google or Facebook.
  • Secure APIs: Safeguard APIs by ensuring that only authenticated users can access certain endpoints.
  • User Experience: Simplify the login process by reducing the number of passwords users have to remember.

Setting Up Your Environment

Before diving into the code, ensure you have the following tools installed:

  • Node.js: To run your Express server.
  • npm: To manage your Node packages.
  • Create React App: To set up your React application easily.

Step 1: Initialize Your React and Express Application

Begin by creating a new directory for your project and initializing both a React frontend and an Express backend.

mkdir oauth-react-express
cd oauth-react-express
npx create-react-app client
mkdir server
cd server
npm init -y

Step 2: Install Required Packages

For the Express server, we will need a few packages to handle OAuth and CORS (Cross-Origin Resource Sharing).

npm install express cors dotenv passport passport-google-oauth20 cookie-session

For the React application, install Axios for making HTTP requests.

cd ../client
npm install axios

Step 3: Setting Up the Express Server

Create an index.js file in the server directory, which will serve as the entry point for your Express application.

// server/index.js
const express = require('express');
const cors = require('cors');
const cookieSession = require('cookie-session');
const passport = require('passport');
const passportSetup = require('./passport-setup'); // We'll create this shortly

const app = express();

// Middleware
app.use(cors({ origin: 'http://localhost:3000', credentials: true }));
app.use(cookieSession({ maxAge: 24 * 60 * 60 * 1000, keys: ['your_cookie_secret'] }));
app.use(passport.initialize());
app.use(passport.session());

// Routes
app.get('/auth/google', passport.authenticate('google', {
  scope: ['profile', 'email']
}));

app.get('/auth/google/callback', passport.authenticate('google'), (req, res) => {
  res.redirect('http://localhost:3000'); // Redirect to React app
});

app.get('/api/logout', (req, res) => {
  req.logout();
  res.redirect('http://localhost:3000'); // Redirect to React app
});

app.get('/api/current_user', (req, res) => {
  res.send(req.user);
});

const PORT = process.env.PORT || 5000;
app.listen(PORT, () => console.log(`Server running on port ${PORT}`));

Step 4: Setting Up Passport for Google Authentication

Create a passport-setup.js file in the server directory.

// server/passport-setup.js
const passport = require('passport');
const GoogleStrategy = require('passport-google-oauth20').Strategy;

passport.serializeUser((user, done) => {
  done(null, user.id);
});

passport.deserializeUser((id, done) => {
  // Fetch user from database based on ID
  done(null, user); // Replace with actual user fetching
});

passport.use(new GoogleStrategy({
  clientID: process.env.GOOGLE_CLIENT_ID,
  clientSecret: process.env.GOOGLE_CLIENT_SECRET,
  callbackURL: '/auth/google/callback'
}, (accessToken, refreshToken, profile, done) => {
  // Check if user already exists in your database
  done(null, profile); // Pass user profile to serializeUser
}));

Step 5: Add Environment Variables

Create a .env file in your server directory to store your Google OAuth credentials.

GOOGLE_CLIENT_ID=your_google_client_id
GOOGLE_CLIENT_SECRET=your_google_client_secret

Step 6: Building the React Frontend

In your React application, create a simple login button to initiate the OAuth process.

// client/src/App.js
import React from 'react';
import axios from 'axios';

const App = () => {
  const handleLogin = () => {
    window.open('http://localhost:5000/auth/google', '_self');
  };

  return (
    <div>
      <h1>OAuth Authentication with React and Express</h1>
      <button onClick={handleLogin}>Login with Google</button>
    </div>
  );
};

export default App;

Step 7: Handling User State in React

You will need to manage user sessions in your React app. Use Axios to fetch user data:

// client/src/App.js (continued)
import React, { useEffect, useState } from 'react';
import axios from 'axios';

const App = () => {
  const [user, setUser] = useState(null);

  useEffect(() => {
    const fetchUser = async () => {
      const response = await axios.get('http://localhost:5000/api/current_user', { withCredentials: true });
      setUser(response.data);
    };
    fetchUser();
  }, []);

  const handleLogin = () => {
    window.open('http://localhost:5000/auth/google', '_self');
  };

  const handleLogout = async () => {
    await axios.get('http://localhost:5000/api/logout', { withCredentials: true });
    setUser(null);
  };

  return (
    <div>
      <h1>OAuth Authentication with React and Express</h1>
      {user ? (
        <div>
          <h2>Welcome, {user.displayName}</h2>
          <button onClick={handleLogout}>Logout</button>
        </div>
      ) : (
        <button onClick={handleLogin}>Login with Google</button>
      )}
    </div>
  );
};

export default App;

Conclusion

Integrating OAuth authentication in a React application with an Express.js backend is a powerful way to enhance security and user experience. By following the steps outlined in this guide, you now have a foundational implementation of OAuth using Google as an authentication provider.

Troubleshooting Tips

  • Ensure your Google credentials are correctly set up in the Google Developer Console.
  • Check CORS settings if you encounter issues with requests between the client and server.
  • Use the browser's developer tools to debug network requests and responses.

With this setup, your application is ready for users to log in securely using their Google accounts, paving the way for further enhancements and features. Happy coding!

SR
Syed
Rizwan

About the Author

Syed Rizwan is a Machine Learning Engineer with 5 years of experience in AI, IoT, and Industrial Automation.