Hi everyone,
If you are familiar with Node.js or JavaScript (of course, that is why you are here), you know that for authentication we usually issue a JWT and then verify that token to decide whether the user is valid or not.
But wait... is this the only scenario?
Today there are many ways to authenticate and authorize a user. One of them is OAuth2, which is used for third-party login such as "Login with Google" or "Login with Facebook".
The way this third-party login works is: first, Google or any other third-party server provides an authentication code to the first party; then the first party sends that authentication code back to the third-party server; that server then responds after checking the clientId and secretId that are passed along with our credentials.
Before going further, I should mention that here we are using the password grant_type, and our client_id and secret_id are null (because our OAuth2 server and our application server are the same).
What happens when the OAuth2 server and the application server are the same?
Today we are here to deal with exactly that scenario, where both servers are the same.
For this we will use node-oauth2-server, which is a very good Node module with built-in error handling.
So, first import node-oauth2-server with the require keyword in your index.js or app.js file.
Then create a model.js file in any folder you like, and copy into it the code from our authorization/model.js file.
Now look at our project's index.js file, where we wire node-oauth2-server into the Express server.
This project is based on OAuth2 authentication of the user via their credentials: we generate the user's access-token through the OAuth2 mechanism.
The access-token carries a scope, and that scope can access a URL or endpoint only if it has been given the corresponding permission.
We can also generate an access-token for a particular scope.
These APIs are for operations on the user: register and login. Both APIs use the POST HTTP method.
The Register API registers a user in the DB. The required fields are username, password and phone.
username should be an email address.
password can be anything.
phone is your phone number as an integer.
The Login API logs in a registered user using the OAuth2 mechanism. The required fields are username, password, client_id, client_secret and grant_type.
username should be an email address.
password can be anything.
client_id should be null, as our OAuth2 server and application server are the same.
client_secret should be null, as our OAuth2 server and application server are the same.
grant_type should be password, as this is credential-based authentication.
These APIs are for operations on categories, i.e. every product has a category type. This consists of one API, create_category.
The Create Category API creates a category such as vehicles, which contains information about various cars and bikes. The required fields are category_name and category_description.
category_name should be any name for the category.
category_description should be a description of that category.
These APIs are for operations on products. This consists of three APIs: create_product, getProductByProductId and delete_product.
The create_product API creates a product such as Pulsar, a bike from Bajaj. The required fields are product_name, product_description, product_price and category_id.
product_name should be any name, like Pulsar.
product_description should be a description of that product.
product_price should be the price of that product as an integer.
category_id should be the id of the category that the product belongs to.
The getProductByProductId API returns the product details for a product id. The required field is id.
id should be a valid product id. If it is invalid, you will get an error.
The delete_product API deletes a particular product by its id. The required field is id.
id should be a valid product id. If it is invalid, you will get an error.
These APIs are for operations on the scopes that an access-token can have. This consists of one API, addScope.
The addScope API adds a scope, and that scope holds the permissions for the endpoints an access-token may access. The required fields are scopeNumber and permissions.
scopeNumber should be a single letter such as A or B.
permissions should be an array of endpoint URLs such as http://localhost:5000/products/create_product. If it is not in this form, you will get an error.
These APIs are for operations on user carts: a user can add a product to their cart, delete a product from their cart, and more.
This consists of three APIs: addProductToUserCart, getAllProductOfUserByUserId and deleteProductFromUserCart.
The addProductToUserCart API adds a product that the user wants to the user's cart. The required fields are userId and product_id.
userId should be a valid user id, otherwise you will get an error.
product_id should be a valid product id, otherwise you will get an error.
The getAllProductOfUserByUserId API returns all the products the user has already added to their cart. The required field is userId.
userId should be a valid user id, otherwise you will get an error.
The deleteProductFromUserCart API deletes a product from the user's cart. The required fields are userId and product_id.
userId should be a valid user id, otherwise you will get an error.
product_id should be a valid product id, otherwise you will get an error.
Note :-
When any user logs in, the access-token they get has scopeNumber 'A' by default. So if no permissions have been given to scopeNumber 'A', that access-token cannot access the addProductToUserCart, deleteProductFromUserCart and getProductByProductId APIs.
So you have to create a scope with scopeNumber 'A' and give it the permissions for whichever API endpoints you want to allow.
Also, if you create a scope with a scopeNumber that already exists in your DB, that scope gets updated. This means scopeNumber should be different for every scope you want to create; if it is the same, the existing scope is updated.
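As an added example (not the project's own code), here is an in-memory sketch of the scope rules described above: addScope validates that permissions is an array of endpoint URLs and updates an existing scopeNumber instead of creating a second one, a freshly issued access-token defaults to scopeNumber 'A', and the endpoint check fails closed when the token's scope does not exist yet. Endpoint paths other than products/create_product are constructed for the walk-through.

```javascript
// Added example, not the project's own code: an in-memory model of the scope
// rules above. Endpoint paths other than products/create_product are constructed.
const scopes = new Map(); // scopeNumber -> array of permitted endpoint URLs

// addScope: permissions must be a non-empty array of http(s) endpoint URLs,
// otherwise an error is thrown; an existing scopeNumber is updated in place.
function addScope(scopeNumber, permissions) {
  if (typeof scopeNumber !== 'string' || !/^[A-Za-z]$/.test(scopeNumber)) {
    throw new Error('scopeNumber should be a single letter like A or B');
  }
  if (!Array.isArray(permissions) || permissions.length === 0) {
    throw new Error('permissions should be an array of endpoint URLs');
  }
  for (const p of permissions) {
    let u;
    try { u = new URL(p); } catch (e) { throw new Error(`invalid endpoint URL: ${p}`); }
    if (u.protocol !== 'http:' && u.protocol !== 'https:') {
      throw new Error(`invalid endpoint URL: ${p}`);
    }
  }
  const updated = scopes.has(scopeNumber);
  scopes.set(scopeNumber, [...permissions]);
  return { scopeNumber, updated };
}

// A freshly issued access-token carries scopeNumber 'A' by default (see Note).
function issueToken(userId) {
  return { accessToken: `constructed-token-for-${userId}`, userId, scopeNumber: 'A' };
}

// The check a protected route performs: the token's scope must list the requested
// endpoint (origin + path, query string ignored). An unknown scope allows nothing.
function canAccess(token, requestUrl) {
  const permitted = scopes.get(token.scopeNumber);
  if (!permitted) return false;
  const want = new URL(requestUrl);
  return permitted.some((p) => {
    const u = new URL(p);
    return u.origin === want.origin && u.pathname === want.pathname;
  });
}

// Walk-through with constructed values.
const token = issueToken('user-1');
const cartUrl = 'http://localhost:5000/carts/addProductToUserCart'; // constructed path
console.log(canAccess(token, cartUrl)); // false: scope 'A' has not been created yet
addScope('A', [cartUrl]);
console.log(canAccess(token, cartUrl)); // true
console.log(addScope('A', ['http://localhost:5000/products/create_product']).updated); // true: same scopeNumber updates
console.log(canAccess(token, cartUrl)); // false: 'A' now lists only create_product
```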