
OAuth flow with React+Express

I have been studying OAuth and trying to use OAuth for my web application.

I'm developing a web app with React and Express, hosted on different ports. Express exports REST APIs, and React sends HTTP requests and receives HTTP responses using Axios.

I've been searching for an example that explains how to use OAuth; however, most examples cover a web app hosted on one port. I wonder how to use OAuth in this kind of web application. I don't clearly understand the flow up to the point where the web app gets the access token from the authorization server.

What is the OAuth flow for a web app that uses a REST API server on another domain?

There are 2 main parts to this:

  • Your React app will use Authorization Code Flow (PKCE) to log the user in and get an access token, then make cross-domain API calls

  • Your REST API will need to validate access tokens - either in memory or via introspection

If it helps, I have a tutorial and code sample that explains this step by step, including the OAuth messages.

I would start with the above sample, which uses plain TypeScript. My blog also has a React sample you can look at, though it is a little more advanced.
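The PKCE part of the flow named in the answer above, as an added example that is not from the original answer or the tutorial it mentions. It runs under Node.js for demonstration (a browser app would take the same values from Web Crypto); the endpoint, client ID, redirect URI and all function names are hypothetical.

```javascript
const nodeCrypto = require('node:crypto');

// Hypothetical values: the answer names no authorization server or client.
const AUTHORIZE_ENDPOINT = 'https://login.example.com/oauth2/authorize';
const CLIENT_ID = 'spa-client';
const REDIRECT_URI = 'http://localhost:3000/callback';

const base64url = (buf) => buf.toString('base64url');
const s256 = (text) => nodeCrypto.createHash('sha256').update(text).digest();

// React side, step 1: fresh secrets per login. Only the challenge (a hash)
// goes in the redirect; the verifier stays in the app until the token request.
function createLoginRequest(scope = 'openid profile') {
  const codeVerifier = base64url(nodeCrypto.randomBytes(32)); // 43 URL-safe chars
  const state = base64url(nodeCrypto.randomBytes(16));
  const url = new URL(AUTHORIZE_ENDPOINT);
  url.search = new URLSearchParams({
    response_type: 'code', client_id: CLIENT_ID, redirect_uri: REDIRECT_URI,
    scope, state,
    code_challenge: base64url(s256(codeVerifier)),
    code_challenge_method: 'S256',
  }).toString();
  return { url: url.toString(), state, codeVerifier };
}

// React side, step 2: on the redirect back, reject a response whose state does
// not match the saved one, then build the form body POSTed to the token endpoint.
function buildTokenRequest(callbackUrl, saved) {
  const params = new URL(callbackUrl).searchParams;
  if (params.get('error')) throw new Error(`authorization failed: ${params.get('error')}`);
  if (params.get('state') !== saved.state) throw new Error('state mismatch');
  const code = params.get('code');
  if (!code) throw new Error('missing authorization code');
  return new URLSearchParams({
    grant_type: 'authorization_code', code, client_id: CLIENT_ID,
    redirect_uri: REDIRECT_URI, code_verifier: saved.codeVerifier,
  });
}

// What the authorization server checks before issuing the access token:
// S256(code_verifier) must equal the challenge stored with the code (RFC 7636).
function verifierMatchesChallenge(codeVerifier, storedChallenge) {
  const computed = s256(codeVerifier);
  const stored = Buffer.from(storedChallenge, 'base64url');
  return stored.length === computed.length && nodeCrypto.timingSafeEqual(computed, stored);
}
```

The access token returned by the token endpoint is then sent to the Express API in an `Authorization: Bearer` header, where the API validates it as the second bullet describes.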

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.
