Readit Newstip_of_the_hat commented on Learn OAuth by building a client with Node.js annotate.dev/p/hello-worl... · Posted by u/tip_of_the_hat
It's a decent skeleton for a server side client. You might consider showing how a token refresh might work.
There is often a need for public client side implementations as well. Are you planning on making one there? It's mostly the same idea but you do the redirects yourself with CSRF and PKCE.
Yup, planning on expanding to add a PKCE and OIDC walkthroughs as well!
tip_of_the_hat commented on Learn OAuth by building a client with Node.js annotate.dev/p/hello-worl... · Posted by u/tip_of_the_hat
What I learned from writing my own auth(OAuth as well) something, it's not worth the time and effort. Great learning opportunity, with way too many footguns.
Agreed, I think it's something you should know how to do and then choose not to do it (use an existing library instead). Having a good understanding really helps with debugging issues that come up.
tip_of_the_hat commented on Learn OAuth by building a client with Node.js annotate.dev/p/hello-worl... · Posted by u/tip_of_the_hat
I recently started writing an API client for some endpoints protected with Oauth2 and it was an absolute pain at first. Very few examples were available that took into account their quirks, and I ended up relying on a random git repo I found with a working implementation written in PHP.
This was my experience as well. I've previously blindly followed instructions from OAuth libraries, but it frustrated me that I didn't fully understand what was going on.
tip_of_the_hat commented on Learn OAuth by building a client with Node.js annotate.dev/p/hello-worl... · Posted by u/tip_of_the_hat
This looks great! I'll surely come back to it later.
How much of the process can be pushed to server side? (Sorry, I don't speak JS.)
Pretty much all of it! The JS in this walkthrough is all server-side. I tried to keep the JS itself simple so that someone unfamiliar with the language could have an easy time following the code.
tip_of_the_hat commented on Learn OAuth by building a client with Node.js annotate.dev/p/hello-worl... · Posted by u/tip_of_the_hat
Hey HN, author here.
When I was first learning OAuth, I found that all the guides were text-heavy and lacked code. I personally learn better from code, so I created a code-first guide. Let me know if you have any feedback!
This is helpful, but I’d evangelize (and probably buy) a system that linked external walkthroughs like this with my repo as an alternative to comments in the code, and triggered notifications when the walkthroughs go “stale” due to changes in the repo (suggesting automatic updates via LLM even better).
Just to clarify, this use case would be for internal code documentation rather than providing external walkthroughs for your users?
I got some positive feedback on my previous article; Learn OAuth 2.0 by building an OAuth client (https://annotate.dev/p/hello-world/learn-oauth-2-0-by-buildi...) and created a follow up on the OIDC standard.
Let me know what you think and if you have any feedback!