Skip to main content

Quickstart (Node.js)

The following page will guide you through getting started with the ROPC grant type by creating a CLI (Command Line Interface) application which demonstrates:

  • Authentication of a user
  • Retrieval of the authenticated user's information

Initialise a node package

npm init -y

The -y flag uses the default configuration

Dependencies

npm install ibm-verify-sdk dotenv readline-sync

.env

The recommended way of storing the OAuth configuration is in a file named .env, this way the values are not hard coded into the source. Using the node package dotenv we can load the contents of the file into the application environment variables.

An example configuration.

TENANT_URL=https://your-tenant-name.ibmcloud.com
CLIENT_ID=a1b2c3d4-abcd-1234-1337-itsanexample
CLIENT_SECRET=QwErTYasdf
FLOW_TYPE=ropc
SCOPE=openid

ropc-sample.js

Create the file ropc-sample.js, this will be the actual program file in which you add the following code.

Imports

const OAuthContext = require('ibm-verify-sdk').OAuthContext;
const rls = require('readline-sync');

Load config

// load contents of .env into process.env
require('dotenv').config();

let config = {
    tenantUrl    : process.env.TENANT_URL,
    clientId     : process.env.CLIENT_ID,
    clientSecret : process.env.CLIENT_SECRET, // If using a Private Client
    flowType     : process.env.FLOW_TYPE,
    scope        : process.env.SCOPE
};

Instantiate OAuthContext with given config, returning a ROPC OAuthContext

const ropcCtx = new OAuthContext(config);

Retrieve username and password through user input via the readline-sync package

const username = rls.question('username: ');
const password = rls.question('password: ', { hideEchoBack: true });

Initiate login through ROPC OAuthContext

let token;

ropcCtx.login(username, password).then(
    res => {
        console.log('Successful authentication. Token retrieved.');
        token = res;
    }, rej => {
        console.log('Failed to authenticate, error:\n', rej.messageDescription);
    }
);

Now exercise the use of your token, by way of example you can retrieve your user information by requesting it with the token you received from the function above.

Edit your above code as below

let token;

ropcCtx.login(username, password).then(
    res => {
        token = res;
        // Now request your user info with retrieved token
        ropcCtx.userInfo(token).then(
            res => console.log('Successfully retrieved user information:\n', res.response),
            rej => console.log('Failed to retrieve user information, error:\n', rej)
        );

    }, rej => {
        console.log('Failed to authenticate, error:\n', rej.messageDescription);
    }
);

Full sample code

const OAuthContext = require('ibm-verify-sdk').OAuthContext;
const rls = require('readline-sync');

// load contents of .env into process.env
require('dotenv').config();

let config = {
    tenantUrl    : process.env.TENANT_URL,
    clientId     : process.env.CLIENT_ID,
    clientSecret : process.env.CLIENT_SECRET,
    flowType     : process.env.FLOW_TYPE,
    scope        : process.env.SCOPE
};

const ropcCtx = new OAuthContext(config);

const username = rls.question('username: ');
const password = rls.question('password: ', { hideEchoBack: true });

let token;

ropcCtx.login(username, password).then(
    res => {
        token = res;
        // Now request your user info with retrieved token
        ropcCtx.userInfo(token).then(
            res => console.log('Successfully retrieved user information:\n', res.response),
            rej => console.log('Failed to retrieve user information, error:\n', rej)
        );

    }, rej => {
        console.log('Failed to authenticate, error:\n', rej.messageDescription);
    }
);