This demonstrates a fairly minimal third-party OAuth (including API auth using JWT and HTTP-only cookies).
git clone https://github.com/dev-academy-challenges/passport-oauth-demo.git
cd passport-oauth-demo
npm install- Go to https://dev.twitter.com and create a new app
mv .env.example .env- Edit
.envto include your Twitter app's keys
npm start
# or npm run debugYou should be able to use Postman to go to http://localhost:3000/api/v1/open because that endpoint isn't protected. However, http://localhost:3000/api/v1/closed is protected, so you shouldn't be able to access it.
- Using your browser, go to http://localhost:3000/api/v1/auth/twitter and authorise the application.
- Using Postman, go to http://localhost:3000 to verify a token was issued.
- Using Postman, go to http://localhost:3000/api/v1/closed to ensure you have access.
Build out the rest of this app experience 😉