Build a Simple REST API with Node and OAuth 2.0

JavaScript is used everywhere on the web, but can also be used server-side. This tutorial shows you how to create a server-to-server REST API complete with OAuth 2.0 authentication.

Alwin Solanky

Just a question about selecting a service when you are creating an Auth server. Which service do you use?

Thank you


Hi, it went fine till adding .env and auth.js, but after that cmd ‘npm test && node .’ throws an error: ‘Error: Your client ID is missing. You can copy it from the Okta Developer Console in the details for the Application you created.’


hi find it here…
it solves the issue.

Eddie Monge

Why are you using the npm package util instead of the builtin NodeJS util module?

Bato D’Kalbo

so fantastic!

Greg Steven

I have implemented this nearly line for line but I keep getting this error when attempting to access the /secure endpoint: Error: 401 - “Error while resolving signing key for kid …” - I am guessing something is misconfigured in Okta but I am not sure what. Thanks for the help!

Matt Raible

What is the value for your ISSUER environment variable? It should be something like:


Greg Steven

Yep, it is. When I point to a different client created as a Web Application (the one not working is a simple Service) it works fine.

Matt Raible

Hmmm, then I’m not sure what the problem could be. If your issuer has “oauth2/default” on the end, then it’s one of your org’s authorization servers. When you specify an issuer without this (e.g., https://{yourOktaDomain}), it usually results in the error you’re seeing.

Nick Bordeau

As @sancoLgates pointed out, the correct code for that step should in fact be:

const oktaJwtVerifier = new OktaJwtVerifier({
  issuer: process.env.ISSUER,
  clientId: process.env.CLIENT_ID
})

Felipe Gabriel Caparelli

Please Braden, update the article with the required attribute clientId. It would be very useful! Thanks!
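The two configuration problems raised in the comments above (a missing client ID, and an issuer without the "oauth2/default" suffix) can be caught before the server starts. The following is an added example, not code from the article or from anyone in this thread; `checkOktaEnv` is a hypothetical helper name and the sample values are constructed.

```javascript
// Pre-flight check for the ISSUER and CLIENT_ID environment variables.
// checkOktaEnv is a hypothetical helper, not part of the tutorial's code.
function checkOktaEnv (env) {
  const problems = []

  // An empty value is what "Your client ID is missing" complains about.
  const clientId = (env.CLIENT_ID || '').trim()
  if (!clientId) {
    problems.push('CLIENT_ID is not set')
  } else if (/[{}]/.test(clientId)) {
    problems.push('CLIENT_ID still contains a {placeholder}')
  }

  const issuer = (env.ISSUER || '').trim()
  if (!issuer) {
    problems.push('ISSUER is not set')
    return problems
  }
  // Catches values copied verbatim, e.g. https://{yourOktaDomain}/oauth2/default
  if (/[{}]/.test(issuer)) {
    problems.push('ISSUER still contains a {placeholder}')
    return problems
  }

  let url
  try {
    url = new URL(issuer)
  } catch (err) {
    problems.push('ISSUER is not a valid URL')
    return problems
  }
  // Assumption: the issuer is always served over https.
  if (url.protocol !== 'https:') {
    problems.push('ISSUER must use https')
  }
  // Per the reply above, an issuer without /oauth2/<id> on the end usually
  // leads to the "Error while resolving signing key for kid" 401.
  if (!/^\/oauth2\/[^/]+\/?$/.test(url.pathname)) {
    problems.push('ISSUER has no /oauth2/<authorization server id> path')
  }
  return problems
}

// Constructed sample values, not taken from the thread.
console.log(checkOktaEnv({ ISSUER: 'https://dev-000000.example.com', CLIENT_ID: '' }))
```

Calling `checkOktaEnv(process.env)` right after loading `.env` and exiting when the returned list is non-empty turns both errors into a start-up failure instead of a 401 on the first request.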


@Braden, I am getting errors on the use of @@ - “\rest-api\index.js:1:1: Parsing error: Unexpected character '@'
npm ERR! Test failed…” I tried various alternatives without success. I read on wiki that the @ is contrary to the specifications and not supported in newer implementations. Can I ask you to update the example to work without the “@@ -2,10 +2,14 @@ const express = require(‘express’)” or some other fix. This is a great tutorial - it would be great to get through it. Thanks!

Matt Raible

Hello Ara,

My guess is you might’ve copied some code in this post and you’re trying to use it? Any code that has + and - on the side is a “diff” of the code, and the plus and minus are meant to indicate lines that are added/removed.


The post has been updated with this.

Matt Raible


Deba Barik

I keep getting the below error while trying to test if the API is up by firing "curl localhost:3000/parts"

Unhandled rejection Error: Can’t set headers after they are sent.

Victor Yeo

I am getting the same error as well.

Peter Thorsteinson

At the end, the following command:

node client http://localhost:3000/parts | json

Gives me the following null values in the output:

"partNumber": null
"modelNumber": null
"name": null
"description": null

Brendan Stephens

This is likely due to upgrading sequelize and keeping epilogue.

Sequelize 4+ and epilogue have compatibility issues (improper asynchronous code).

To get around this, you can replace epilogue with finale.
Finale is built to be a drop-in replacement for Epilogue that supports Sequelize 4.x.x…

const epilogue = require('epilogue')

// change to

const finale = require('finale-rest')