Simple REST API with Node and OAuth 2.0
This example app shows how to create a REST API in Node and secure it with OAuth 2.0 Client Credentials using Okta. This also has an example client written as a CLI that can authenticate with Okta and use the REST API.
Getting Started
Install Dependencies
After cloning the repository, simply run npm install
to install the dependencies.
Save Environment Variables
If you don't have one already, sign up for a free Okta Developer account. Log in to your developer console to get the following information.
Create a file named .env
that has the following variables, all obtained from your Okta developer console:
-
ISSUER
Log in to your developer console and navigate to API > Authorization Servers. Copy the
Issuer URI
for thedefault
server. -
SCOPE
Click on the word
default
to get details about the authorization server. Go to the Scopes tab and click the Add Scope button. Give it a name and optionally a description. The example app is for a parts manager, so for example you could name itparts_manager
. -
CLIENT_ID
Navigate to Applications, then click the Add Application button. Select Service, then click Next. Choose a name then click Done. The Client ID is shown on the next page.
-
CLIENT_SECRET
The Client Secret is on the same page as the Client ID
When you're done, your .env
file should look something like this:
ISSUER=https://dev-123456.oktapreview.com/oauth2/default
SCOPE=parts_manager
CLIENT_ID=0123456789abcdefghij
CLIENT_SECRET=0123456789abcdefghijklmnopqrstuvwxyz0123
Run the Server
To run the server, run npm start
from the terminal.
Run the Client
To make secure API requests, you'll need to use the client located at client.js
.
USAGE
node client url [method] [jsonString]
- url (required): the path to your server along with the endpoint (e.g.
http://localhost:3000/parts
) - method (optional): the HTTP verb for the REST call (e.g.
delete
orpost
). Defaults toget
- jsonString (optional): stringified JSON data for use in
put
orpost
calls (e.g.'{"partNumber":"asdf-1234"}'
)
EXAMPLES
node client http://localhost:3000/parts
: get a list of all partsnode client http://localhost:3000/parts post '{"partNumber":"asdf-1234"}'
: creates a new part with part numberasdf-1234
node client http://localhost:3000/parts/1
: gets details about the part with andid
of1
node client http://localhost:3000/parts/7 put '{"name":"A single dairy farm"}'
: updates thename
field of the part with anid
of7
node client http://localhost:3000/parts/11 delete
: deletes the part with anid
of11
License
Apache 2.0, see LICENSE.