Build a Simple REST API with Node and OAuth 2.0
JavaScript is used everywhere on the web, but can also be used server-side. This tutorial shows you how to create a server-to-server REST API complete with OAuth 2.0 authentication.
Alwin Solanky
Just a question about selecting a service when you are creating an Auth server. Which service do you use?
Thank you
MM
Hi, It went fine till adding .env and auth.js, but after that cmd ‘npm test && node .’ throws and error: ‘Error: Your client ID is missing. You can copy it from the Okta Developer Console in the details for the Application you created.’
Eddie Monge
Why are you using the npm package util instead of the builtin NodeJS util module?
Bato D’Kalbo
so fantastic!
Greg Steven
I have implemented this nearly line for line but I keep getting this error when attempting to access the /secure endpoint: Error: 401 - “Error while resolving signing key for kid …” - I am guessing something is misconfigured in Okta but I am not sure what. Thanks for the help!
Matt Raible
What is the value for your ISSUER environment variable? It should be something like:
ISSUER=https://{yourOktaDomain}/oauth2/default
Greg Steven
Yep, it is. When I point to a different client created as a Web Application (the one not working is a simple Service) it works fine.
Matt Raible
Hmmm, then I’m not sure what the problem could be. If your issuer has “oauth2/default” on the end, then it’s one of your org’s authorization servers. When you specify an issuer without this (e.g., https://{yourOktaDomain}), it usually results in the error you’re seeing.
Nick Bordeau
As @sancoLgates pointed out, the correct code for that step should in fact be:
const oktaJwtVerifier = new OktaJwtVerifier({
issuer: process.env.ISSUER,
clientId: process.env.CLIENT_ID,
});
Felipe Gabriel Caparelli
Please Braden, update the article with the required attribute clientId. It would be very useful! Thanks!
Ara
@Braden, I am getting errors on the use of @@ - “\rest-api\index.js:1:1: Parsing error: Unexpected character '@'
npm ERR! Test failed…” I tried various alternatives without success. I read on wiki that the @ is contrary to the specifications and not supported in newer implementations. Can I ask you to update the example to work without the “@@ -2,10 +2,14 @@ const express = require(‘express’)” or some other fix. This is a great tutorial - it would be great to get through it. Thanks!
Matt Raible
Hello Ara,
My guess if you might’ve copied some code in this post and you’re trying to use it? Any code that has + and - on the side is a “diff” of the code, and the plus and minus are meant to indicate lines that are added/removed.
leebrandt
The post has been updated with this.
Matt Raible
Fixed!
Deba Barik
I keep getting below error while trying to test if the API is up by firing "curl localhost:3000/parts"
Unhandled rejection Error: Can’t set headers after they are sent.
Victor Yeo
I am getting the same error as well.
Peter Thorsteinson
At the end, the following command:
node client http://localhost:3000/parts | json
Gives me the following null values in the output:
“partNumber”: null
"modelNumber": null
"name": null
"description": null
Brendan Stephens
This is likely due to upgrading sequelize and keeping epilogue.
Sequelize 4+ and epilogue have compatibility issues (improper asynchronous code).
To get around this, you can. replace epilogue with finale.
Finale is built to be a drop-in replacement for Epilogue that supports Sequelize 4.x.x
const epilogue = require(‘epilogue’)
epilogue.initialize(…)
// change to
const finale = require(‘finale-rest’)
finale.initialize(…)