A lightweight and extensible Single Sign-On (SSO) authentication service built with Node.js and Express, supporting multiple OAuth 2.0 providers including Google, Facebook, Twitter, LinkedIn, Yahoo, GitHub, GitLab, Discord, Spotify, Dropbox, TikTok, and Apple.
- OAuth 2.0 login via major social platforms
- Built with Node.js + Express for fast, modular setup
- Secure token handling and user profile retrieval
- Scalable and developer-friendly codebase
Provider Name | Provider ID | Official Docs Link |
---|---|---|
Google | google | Google OAuth Docs |
Facebook | facebook | Facebook OAuth Docs |
Twitter | twitter | Twitter OAuth Docs |
LinkedIn | linkedin | LinkedIn OAuth Docs |
Yahoo | yahoo | Yahoo OAuth Docs |
GitHub | github | GitHub OAuth Docs |
GitLab | gitlab | GitLab OAuth Docs |
Discord | discord | Discord OAuth Docs |
Spotify | spotify | Spotify OAuth Docs |
Dropbox | dropbox | Dropbox OAuth Docs |
TikTok | tiktok | TikTok OAuth Docs |
Apple | apple | Apple OAuth Docs |
The config.json file located in the root directory is used to configure OAuth credentials and domain security settings for all supported SSO providers in your application.
```json
{
  "origin": "https://yourapp.com/",
  "clients": [
    {
      "id": "google",
      "env": {
        "client_id": "GOOGLE_CLIENT_ID",
        "client_secret": "GOOGLE_CLIENT_SECRET",
        "redirect_uri": "https://yourapp.com/api/sso/callback/google"
      }
    }
  ]
}
```
- `origin` - The fully qualified domain of your hosted frontend app (e.g., `https://example.com/`). This is used by the `/api/sso/callback/:id` endpoint to validate and allow `postMessage` callbacks only from this origin. ⚠️ Must exactly match the frontend domain (including the `https://` protocol).
- `id` - The identifier for the provider (e.g., `google`, `github`, `linkedin`)
- `env.client_id` - The Client ID obtained from the provider's developer console. Required to initiate the OAuth login process.
- `env.client_secret` - The Client Secret from the same developer console. Used to exchange the authorization code for an access token.
- `env.redirect_uri` - The exact redirect URI that the OAuth provider should call after user login. ⚠️ Must be registered in the provider's developer dashboard (under allowed/callback URLs).
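As an added example (not the project's own loader), here is a small validator for the config.json layout above, in plain Node.js. It checks that `origin` is an absolute https URL, that every client id is one of the supported provider ids, that the three `env` fields are present, and that `redirect_uri` points at the `/api/sso/callback/:id` path the service handles; `isAllowedOrigin` shows the exact-match comparison the callback endpoint needs when it decides which origin may receive the `postMessage`. The function names, the `SUPPORTED_IDS` set and the sample config are assumptions made for this example.

```javascript
// Added example: validation for the config.json layout described above.
// Not the project's code; function names and checks are assumptions.

// Provider ids listed in the README's provider table.
const SUPPORTED_IDS = new Set([
  "google", "facebook", "twitter", "linkedin", "yahoo", "github",
  "gitlab", "discord", "spotify", "dropbox", "tiktok", "apple",
]);

// Constructed sample mirroring the README's config.json.
const SAMPLE_CONFIG = {
  origin: "https://yourapp.com/",
  clients: [
    {
      id: "google",
      env: {
        client_id: "GOOGLE_CLIENT_ID",
        client_secret: "GOOGLE_CLIENT_SECRET",
        redirect_uri: "https://yourapp.com/api/sso/callback/google",
      },
    },
  ],
};

// Return the origin (scheme + host + port) of an absolute https URL,
// or null for anything else. "https://yourapp.com/" -> "https://yourapp.com".
function httpsOrigin(value) {
  try {
    const u = new URL(value);
    return u.protocol === "https:" ? u.origin : null;
  } catch {
    return null;
  }
}

// Validate the whole config. Returns a list of problems; empty means valid.
function validateConfig(config) {
  const problems = [];
  if (!httpsOrigin(config.origin)) {
    problems.push("origin must be an absolute https URL");
  }
  const clients = Array.isArray(config.clients) ? config.clients : [];
  const seen = new Set();
  for (const client of clients) {
    if (!SUPPORTED_IDS.has(client.id)) problems.push(`unknown provider id: ${client.id}`);
    if (seen.has(client.id)) problems.push(`duplicate provider id: ${client.id}`);
    seen.add(client.id);
    const env = client.env || {};
    for (const key of ["client_id", "client_secret", "redirect_uri"]) {
      if (typeof env[key] !== "string" || env[key] === "") {
        problems.push(`${client.id}: env.${key} is missing`);
      }
    }
    const redirectOrigin = httpsOrigin(env.redirect_uri);
    if (env.redirect_uri && !redirectOrigin) {
      problems.push(`${client.id}: env.redirect_uri must be an absolute https URL`);
    }
    // The callback route is fixed by the service, so a redirect_uri that does not
    // end in /api/sso/callback/<id> sends the provider somewhere the service does not handle.
    if (redirectOrigin && !new URL(env.redirect_uri).pathname.endsWith(`/api/sso/callback/${client.id}`)) {
      problems.push(`${client.id}: env.redirect_uri must end with /api/sso/callback/${client.id}`);
    }
  }
  return problems;
}

// Compare a browser-supplied origin (for example event.origin) with the configured one.
// Exact match only: "https://yourapp.com.evil.example" and "http://yourapp.com" both fail.
function isAllowedOrigin(config, candidate) {
  const want = httpsOrigin(config.origin);
  return want !== null && httpsOrigin(candidate) === want;
}

module.exports = { SUPPORTED_IDS, SAMPLE_CONFIG, httpsOrigin, validateConfig, isAllowedOrigin };
```

Running `validateConfig` once at startup and refusing to serve until the list is empty turns a silently misconfigured `origin` (which would otherwise make the callback fall back to a broken or over-permissive `postMessage` target) into a visible deployment error.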
`GET /api/sso/client/:id`
Initiates OAuth login for the given provider by opening a popup window.
- `:id` — OAuth provider ID (e.g. `google`, `github`, etc.)
Frontend Usage Example:
```javascript
// Open the login window
window.open(`/api/sso/client/google`, '_blank', 'width=500,height=600');

// Listen for login callback
window.addEventListener("message", async event => {
  // The callback page is served from this same origin (see the relative URL above),
  // so ignore messages from any other origin before trusting their contents.
  if (event.origin !== window.location.origin) return;
  const data = event.data;
  if (!data || !data.client) return;
  console.log(data.client); // e.g., "google"
  console.log(data.data.access_token); // use as needed
  console.log(data.data.refresh_token); // if available
});
```
`GET /api/sso/callback/:id?code=AUTH_CODE`
Handles the provider's OAuth redirect with `code` and returns tokens to the parent or opener window via `postMessage`.
- `:id` — OAuth provider ID (e.g. `google`, `github`, etc.)
- `code` — Authorization code from provider
Automatically posts a message back to the parent window like:
```json
{
  "client": "google",
  "data": {
    "access_token": "ACCESS_TOKEN",
    "refresh_token": "REFRESH_TOKEN"
  }
}
```
`GET /api/sso/user/:id`
`Authorization: Bearer ACCESS_TOKEN`
Returns authenticated user info such as ID, name, and email.
- `:id` — OAuth provider ID (e.g. `google`, `github`, etc.)
Sample Response:
```json
{
  "client": "google",
  "data": {
    "id": "USER_ID",
    "name": "USER_NAME",
    "email": "USER_EMAIL"
  }
}
```
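The callback and user endpoints above, as an added example rather than the project's code: `renderCallbackPage` builds the popup page that hands the documented message to `window.opener`, using the configured frontend origin as the `postMessage` target (never `*`) and escaping the JSON so a token value cannot break out of the inline script; `parseBearerToken` reads the `Authorization: Bearer` header the user endpoint expects, and `toUserResponse` maps a provider profile onto the documented response shape. The function names, the `FRONTEND_ORIGIN` constant and the profile field fallbacks are assumptions made for this example.

```javascript
// Added example (not the project's code): the callback page handed to the opener
// and the Bearer-header parsing for the user endpoint. Names are assumptions.

// Configured frontend origin, as config.json "origin" would supply it (constructed).
const FRONTEND_ORIGIN = "https://yourapp.com";

// Message shape documented for /api/sso/callback/:id.
function buildCallbackMessage(clientId, tokens) {
  return {
    client: clientId,
    data: {
      access_token: tokens.access_token,
      refresh_token: tokens.refresh_token ?? null, // not every provider issues one
    },
  };
}

// Serialize JSON so it is safe inside an inline <script>: escaping "<" stops a
// value containing "</script>" from closing the tag, and U+2028/U+2029 are
// escaped because they are line terminators in JavaScript but not in JSON.
function jsonForScript(value) {
  return JSON.stringify(value)
    .replace(/</g, "\\u003c")
    .replace(/\u2028/g, "\\u2028")
    .replace(/\u2029/g, "\\u2029");
}

// HTML served to the popup after the code-for-token exchange: posts the tokens to
// window.opener with the exact configured origin as targetOrigin, then closes.
function renderCallbackPage(clientId, tokens, targetOrigin = FRONTEND_ORIGIN) {
  const message = jsonForScript(buildCallbackMessage(clientId, tokens));
  const target = jsonForScript(targetOrigin);
  return `<!doctype html><html><body><script>
if (window.opener) { window.opener.postMessage(${message}, ${target}); }
window.close();
</script></body></html>`;
}

// Parse "Authorization: Bearer <token>" strictly (RFC 6750 token68 characters).
// Returns the token, or null for a missing header, another scheme, an empty
// token, or extra whitespace-separated fields.
function parseBearerToken(headerValue) {
  if (typeof headerValue !== "string") return null;
  const m = /^Bearer ([A-Za-z0-9\-._~+/]+=*)$/.exec(headerValue);
  return m ? m[1] : null;
}

// Normalize a provider profile to the response shape documented for /api/sso/user/:id.
// Providers differ on the id field name (id vs sub); the fallback is an assumption.
function toUserResponse(clientId, profile) {
  return {
    client: clientId,
    data: {
      id: String(profile.id ?? profile.sub ?? ""),
      name: profile.name ?? "",
      email: profile.email ?? "",
    },
  };
}

module.exports = { FRONTEND_ORIGIN, buildCallbackMessage, jsonForScript, renderCallbackPage, parseBearerToken, toUserResponse };
```

In an Express handler these would be used as `res.type('html').send(renderCallbackPage(req.params.id, tokens))` and `parseBearerToken(req.get('authorization'))`, with a `401` returned when the parser yields `null`. Passing the configured origin as the second `postMessage` argument means the browser simply drops the message if the opener has been navigated elsewhere, so the tokens never reach a page the config did not name.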
Deshan.lk | DNJS | LinkedIn | GitHub | YouTube | Blogger | Facebook | Gmail