By Syed Rizwan

4-integrating-oauth2-authentication-in-a-react-and-nodejs-application.html

Integrating OAuth2 Authentication in a React and Node.js Application

In today’s digital landscape, secure authentication is paramount, especially for web applications that handle sensitive user data. OAuth2 has emerged as a widely adopted protocol for authorization, allowing third-party services to exchange user information securely. In this article, we will delve into integrating OAuth2 authentication in a React and Node.js application. We’ll cover definitions, use cases, and provide actionable insights with clear code examples to guide you through the process.

What is OAuth2?

OAuth2 (Open Authorization 2.0) is an authorization framework that allows applications to obtain limited access to user accounts on an HTTP service. Unlike traditional authentication methods, OAuth2 enables users to authorize third-party applications to access their information without sharing their passwords.

Key Components of OAuth2

  • Resource Owner: The user who authorizes access to their data.
  • Client: The application requesting access to the resource owner's data.
  • Authorization Server: The server that issues access tokens after successfully authenticating the resource owner.
  • Resource Server: The server hosting the protected resources.

Why Use OAuth2?

Using OAuth2 offers several advantages:

  • Enhanced Security: Users can grant access without sharing their credentials.
  • Scoped Access: You can limit the access level a third-party application has.
  • Improved User Experience: Users can easily log in using their existing accounts (e.g., Google, Facebook).

Setting Up Your React and Node.js Application

Prerequisites

  • Node.js installed on your machine.
  • Basic understanding of React and Express.js.
  • An OAuth2 provider (e.g., Google, GitHub) set up to obtain client credentials.

Step 1: Create a Node.js Backend

  1. Initialize your project:

bash mkdir oauth2-example cd oauth2-example npm init -y

  1. Install necessary packages:

bash npm install express cors dotenv passport passport-google-oauth20 cookie-session

  1. Set up the server:

Create an index.js file and add the following code to set up your Node.js server:

```javascript const express = require('express'); const cors = require('cors'); const cookieSession = require('cookie-session'); const passport = require('passport'); require('dotenv').config(); require('./passport-setup'); // Create this file below

const app = express();

app.use(cors({ origin: 'http://localhost:3000', credentials: true })); app.use(cookieSession({ maxAge: 24 * 60 * 60 * 1000, keys: [process.env.COOKIE_KEY] })); app.use(passport.initialize()); app.use(passport.session());

app.get('/auth/google', passport.authenticate('google', { scope: ['profile', 'email'] }));

app.get('/auth/google/callback', passport.authenticate('google'), (req, res) => { res.redirect('http://localhost:3000'); // Redirect to your React app });

app.get('/api/logout', (req, res) => { req.logout(); res.redirect('http://localhost:3000'); });

app.get('/api/current_user', (req, res) => { res.send(req.user); });

const PORT = process.env.PORT || 5000; app.listen(PORT, () => console.log(Server is running on port ${PORT})); ```

Step 2: Configure Passport for Google Authentication

Create a file named passport-setup.js in the root of your project and add the following code:

const passport = require('passport');
const GoogleStrategy = require('passport-google-oauth20').Strategy;
const User = require('./user'); // Create a User model for storing user data

passport.serializeUser((user, done) => {
    done(null, user.id);
});

passport.deserializeUser((id, done) => {
    User.findById(id).then((user) => {
        done(null, user);
    });
});

passport.use(new GoogleStrategy({
    clientID: process.env.GOOGLE_CLIENT_ID,
    clientSecret: process.env.GOOGLE_CLIENT_SECRET,
    callbackURL: '/auth/google/callback'
}, (accessToken, refreshToken, profile, done) => {
    // Check if user already exists in our db
    User.findOne({ googleId: profile.id }).then((existingUser) => {
        if (existingUser) {
            done(null, existingUser);
        } else {
            new User({ googleId: profile.id, username: profile.displayName, thumbnail: profile._json.picture })
                .save()
                .then((newUser) => done(null, newUser));
        }
    });
}));

Step 3: Create a User Model

You can use MongoDB for user storage. Here’s a simple Mongoose model for your user:

const mongoose = require('mongoose');

const userSchema = new mongoose.Schema({
    googleId: String,
    username: String,
    thumbnail: String
});

module.exports = mongoose.model('User', userSchema);

Step 4: Set Up the React Frontend

  1. Create a new React app:

bash npx create-react-app client cd client

  1. Install Axios:

bash npm install axios

  1. Implement authentication:

In your src/App.js, add the following code:

```javascript import React, { useEffect, useState } from 'react'; import axios from 'axios';

const App = () => { const [user, setUser] = useState(null);

   const fetchUser = async () => {
       const res = await axios.get('http://localhost:5000/api/current_user', { withCredentials: true });
       setUser(res.data);
   };

   useEffect(() => {
       fetchUser();
   }, []);

   return (
       <div>
           <h1>OAuth2 Authentication with React and Node.js</h1>
           {user ? (
               <div>
                   <h2>Welcome, {user.username}</h2>
                   <img src={user.thumbnail} alt={user.username} />
                   <a href="http://localhost:5000/api/logout">Logout</a>
               </div>
           ) : (
               <a href="http://localhost:5000/auth/google">Login with Google</a>
           )}
       </div>
   );

};

export default App; ```

Step 5: Testing Your Application

  1. Start your Node.js server:

bash node index.js

  1. Start your React app:

bash npm start

Navigate to http://localhost:3000 in your browser. You should see a login link. Click it to authenticate via Google, and you’ll be redirected back to your app with user information displayed.

Troubleshooting Tips

  • CORS Issues: Ensure your backend allows requests from your frontend’s origin.
  • Token Errors: Double-check your OAuth2 client credentials and callback URLs.
  • Mongoose Connection: Ensure your MongoDB database is running and connected correctly.

Conclusion

Integrating OAuth2 authentication into a React and Node.js application enhances security and provides a seamless user experience. By following the steps outlined in this article, you can set up a robust authentication system that leverages third-party services. Remember to handle errors gracefully and always keep your dependencies updated for the best practices in security and performance. Happy coding!

SR
Syed
Rizwan

About the Author

Syed Rizwan is a Machine Learning Engineer with 5 years of experience in AI, IoT, and Industrial Automation.