Skip to content

Add example for Authorization Code grant. #9

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 12 commits into from
Jul 30, 2025
Merged

Add example for Authorization Code grant. #9

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
12 commits
Select commit Hold shift + click to select a range
58b1138
Added authoriation code example.
shrihari-prakash Jul 8, 2025
c9bdfa9
Add package lock and cors.
shrihari-prakash Jul 8, 2025
8f8ac66
Add client package lock.
shrihari-prakash Jul 8, 2025
6fefdd4
Remove eslintrc.
shrihari-prakash Jul 8, 2025
091afdf
Fix registry.
shrihari-prakash Jul 8, 2025
52efed2
Add client env variables to README.
shrihari-prakash Jul 9, 2025
7adf469
PR comments.
shrihari-prakash Jul 9, 2025
da94b0e
Fix dotenv.
shrihari-prakash Jul 9, 2025
fc12a79
Fix styling after auth.
shrihari-prakash Jul 9, 2025
9fa8330
Simplify styles.
shrihari-prakash Jul 10, 2025
2b4e766
authorization-code(provider): add missing cors dependency
jankapunkt Jul 30, 2025
11e99be
docs: update readmes
jankapunkt Jul 30, 2025
File filter

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Add client env variables to README.
  • Loading branch information
@shrihari-prakash
shrihari-prakash committed Jul 9, 2025
commit 52efed25cd334f4500b6ba228388a247ff04ed51
11 changes: 10 additions & 1 deletion authorization-code/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,7 @@ $ cd provider && npm install
$ cd ../client && npm install
```

Create a `.env` file in the authorization-code directory:
Create a `.env` file in the authorization-code/provider directory:

```
CLIENT_ID=testclient
Expand All @@ -64,6 +64,15 @@ USERNAME=demo
PASSWORD=demo
```

Create a `.env` file in the authorization-code/client directory:

```
AUTH_SERVER=http://localhost:8080
CLIENT_ID=testclient
CLIENT_SECRET=testsecret
REDIRECT_URI=http://localhost:3000/callback
```

Start the provider (authorization server + resource server):

```shell
Expand Down
2 changes: 1 addition & 1 deletion authorization-code/client/index.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ app.set("view engine", "ejs");
app.set("views", "./views");
app.use(express.static("public"));

const authServer = "http://localhost:8080";
const authServer = process.env.AUTH_SERVER || "http://localhost:8080";
const clientId = process.env.CLIENT_ID || "testclient";
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It would be nice if the sample worked just as is without any envs. So I added a default, but we can discuss the options.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think envs are fine, you can also use .env if you like, it's a good common practice
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I did add both options. Use the values from the defaults if the env does not exist. But I am happy to remove the defaults if you prefer it to come only from the env.
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Or should we commit a .env file with the defaults? Not like it contains secretive stuff... The intention being the samples work with as minimal effort as possible.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

common practice is to gitignore .env but provide a .env.example that users can copy. This avoids ever checking in real .env (in case users build their project upon the example)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

or do not check in a .env at all but tell users to create one with example data. My concerns are only regarding users cloning and continuing to use it until production.
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I added a .env.example file. Seems to be a good balance incase they use it till production.
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@jankapunkt FYI I got the example to a runnable state. Would you be able to run this when you have some availability?
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@shrihari-prakash yes I will test it and leave comments/review if needed
const clientSecret = process.env.CLIENT_SECRET || "testsecret";
const redirectUri =
Expand Down