{"id":18298422,"url":"https://github.com/fusionauth/fusionauth-javascript-sdk-express","last_synced_at":"2025-04-05T13:33:33.273Z","repository":{"id":226461940,"uuid":"768392724","full_name":"FusionAuth/fusionauth-javascript-sdk-express","owner":"FusionAuth","description":null,"archived":false,"fork":false,"pushed_at":"2024-07-28T05:56:19.000Z","size":40,"stargazers_count":3,"open_issues_count":0,"forks_count":0,"subscribers_count":12,"default_branch":"main","last_synced_at":"2024-08-05T04:29:54.400Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/FusionAuth.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-03-07T01:58:50.000Z","updated_at":"2024-08-05T04:29:54.401Z","dependencies_parsed_at":"2024-03-27T21:32:51.828Z","dependency_job_id":"694f35ee-676d-4f85-9eff-2abaa02e40be","html_url":"https://github.com/FusionAuth/fusionauth-javascript-sdk-express","commit_stats":null,"previous_names":["fusionauth/fusionauth-javascript-sdk-express"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FusionAuth%2Ffusionauth-javascript-sdk-express","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FusionAuth%2Ffusionauth-javascript-sdk-express/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FusionAuth%2Ffusionauth-javascript-sdk-express/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/ho
sts/GitHub/repositories/FusionAuth%2Ffusionauth-javascript-sdk-express/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/FusionAuth","download_url":"https://codeload.github.com/FusionAuth/fusionauth-javascript-sdk-express/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":223192692,"owners_count":17103564,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-05T15:06:02.025Z","updated_at":"2024-11-05T15:06:02.569Z","avatar_url":"https://github.com/FusionAuth.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Example: FusionAuth Web SDKs Server Implementation\n\nThis repository provides an example server implementation for [FusionAuth Web SDKs](https://github.com/FusionAuth/fusionauth-javascript-sdk). FusionAuth Web SDKs can be utilized in one of two ways:\n\n1. Hosting Your Own Server: Implementing a server that handles OAuth token exchange and fulfills the [server code requirements for FusionAuth Web SDKs](https://github.com/FusionAuth/fusionauth-javascript-sdk-express#server-code-requirements).\n2. Using the FusionAuth Hosted Server: Leveraging the server hosted on your FusionAuth instance, eliminating the need to write your own server code.\n\nIf you opt for hosting your own server, this repository will serve as an example. The provided example is in JavaScript and utilizes [Express](https://expressjs.com/). 
If you opt to implement your own server you are free to use any technology stack as long as it meets the server code requirements.\n\n## Setup\n\nTo get started, follow these steps:\n\n1. From the root directory, run `npm install`.\n2. Run `npm run start`.\n\nYou should observe the console output `FusionAuth example server listening on port 9000`.\n\n## Server code requirements\n\nThe endpoints described below serve as a summary of requirements and expected behaviors of each endpoint. For additional details on these endpoints you can reference the [Hosted Backend documentation](https://fusionauth.io/docs/apis/hosted-backend).\n\nYour server must have the following endpoints:\n\n#### `GET /app/login`\n\nThis endpoint must:\n\n1.  Generate PKCE code.\n    - The code verifier should be saved in a secure **HTTP-only** cookie.\n    - The code challenge is passed along\n2.  Encode and save `redirect_url` from the client app to `state`.\n3.  Redirect browser to `/oauth2/authorize` with a `redirect_uri` to `/app/token-exchange`\n\n[Example implementation](https://github.com/FusionAuth/fusionauth-javascript-sdk-express/blob/main/routes/login.js)\n\n#### `GET /app/callback`\n\nThis endpoint must:\n\n1.  Call\n    [/oauth2/token](https://fusionauth.io/docs/v1/tech/oauth/endpoints#complete-the-authorization-code-grant-request)\n    to complete the Authorization Code Grant request. The `code` comes from the request query parameter and\n    `code_verifier` should be available in the secure **HTTP-only** cookie, while\n    the rest of the parameters should be set/configured on the server\n    side.\n\n2.  Once the token exchange succeeds, read the `app.at` from the\n    response body and set it as a secure, **HTTP-only** cookie with the same\n    name.\n\n3.  If you wish to support refresh tokens, repeat step 2 for the\n    `app.rt` cookie.\n\n4.  Save the expiration time in a readable `app.at_exp` cookie. This value should be represented as seconds since the epoch.\n\n5.  
And save the `app.idt` id token in a readable cookie.\n\n6.  Redirect browser back to encoded url saved in `state`.\n\n[Example implementation](https://github.com/FusionAuth/fusionauth-javascript-sdk-express/blob/main/routes/callback.js)\n\n#### `GET /app/register`\n\nThis endpoint is similar to `/login`. It must:\n\n1.  Generate PKCE code.\n    - The code verifier should be saved in a secure **HTTP-only** cookie.\n    - The code challenge is passed along\n2.  Encode and save `redirect_url` from the client app to `state`.\n3.  Redirect browser to `/oauth2/register` with a `redirect_uri` to `/app/callback`\n\n[Example implementation](https://github.com/FusionAuth/fusionauth-javascript-sdk-express/blob/main/routes/register.js)\n\n#### `GET /app/me`\n\nThis endpoint must:\n\n1.  Use `app.at` from cookie and use as the Bearer token to call `/oauth2/userinfo`\n2.  Return json data\n\n[Example implementation](https://github.com/FusionAuth/fusionauth-javascript-sdk-express/blob/main/routes/me.js)\n\n#### `GET /app/logout`\n\nThis endpoint must:\n\n1.  Clear the `app.at` and `app.rt` secure, **HTTP-only**\n    cookies.\n2.  Clear the `app.at_exp` and `app.idt` secure cookies.\n3.  Redirect to `/oauth2/logout`\n\n[Example implementation](https://github.com/FusionAuth/fusionauth-javascript-sdk-express/blob/main/routes/logout.js)\n\n#### `POST /app/refresh` (optional)\n\nThis endpoint is necessary if you wish to use refresh tokens. This\nendpoint must:\n\n1.  Call\n    [/oauth2/token](https://fusionauth.io/docs/v1/tech/oauth/endpoints#refresh-token-grant-request)\n    to get a new `app.at` and `app.rt`.\n\n2.  
Update the `app.at`, `app.at_exp`, `app.idt`, and `app.rt` cookies from the\n    response.\n\n[Example implementation](https://github.com/FusionAuth/fusionauth-javascript-sdk-express/blob/main/routes/refresh.js)\n\n## Upgrade Policy\n\nThis library may periodically receive updates with bug fixes, security patches, tests, code samples, or documentation changes.\n\nThese releases may also update dependencies, language engines, and operating systems, as we'll follow the deprecation and sunsetting policies of the underlying technologies that the libraries use.\n\nThis means that after a dependency (e.g. language, framework, or operating system) is deprecated by its maintainer, this library will also be deprecated by us, and may eventually be updated to use a newer version.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffusionauth%2Ffusionauth-javascript-sdk-express","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffusionauth%2Ffusionauth-javascript-sdk-express","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffusionauth%2Ffusionauth-javascript-sdk-express/lists"}