How to use OAuth in Node.js
OAuth authentication enables secure third-party login integration in Node.js applications without handling user passwords directly. As the creator of CoreUI with extensive Node.js development experience since 2014, I’ve implemented OAuth flows in numerous enterprise applications for simplified user onboarding. The most reliable approach uses Passport.js with OAuth strategy packages to handle the complex authentication flow automatically. This method provides secure authentication while offering users familiar login options from popular platforms like Google, GitHub, or Facebook.
Implement OAuth authentication using Passport.js with Google OAuth strategy for secure social login.
const express = require('express')
const session = require('express-session')
const passport = require('passport')
const GoogleStrategy = require('passport-google-oauth20').Strategy
const User = require('./models/User') // your Mongoose User model (assumed to exist)

const app = express()

// Passport keeps the logged-in user in the session, so session middleware
// must be registered before passport.session()
app.use(session({
  secret: process.env.SESSION_SECRET,
  resave: false,
  saveUninitialized: false,
  cookie: { httpOnly: true, secure: process.env.NODE_ENV === 'production' }
}))
app.use(passport.initialize())
app.use(passport.session())

// Only the user id goes into the session; the full record is loaded per request
passport.serializeUser((user, done) => done(null, user.id))
passport.deserializeUser(async (id, done) => {
  try {
    done(null, await User.findById(id))
  } catch (error) {
    done(error)
  }
})

// Configure Google OAuth strategy
passport.use(new GoogleStrategy({
  clientID: process.env.GOOGLE_CLIENT_ID,
  clientSecret: process.env.GOOGLE_CLIENT_SECRET,
  callbackURL: '/auth/google/callback',
  state: true // bind each callback to the session that started the login
},
async (accessToken, refreshToken, profile, done) => {
  try {
    // Check if user exists
    let user = await User.findOne({ googleId: profile.id })
    if (user) {
      return done(null, user)
    }
    // Create new user; emails/photos are missing when the scope was not granted
    user = new User({
      googleId: profile.id,
      name: profile.displayName,
      email: profile.emails?.[0]?.value,
      avatar: profile.photos?.[0]?.value
    })
    await user.save()
    return done(null, user)
  } catch (error) {
    return done(error, null)
  }
}))

// OAuth routes
app.get('/auth/google',
  passport.authenticate('google', { scope: ['profile', 'email'] })
)

app.get('/auth/google/callback',
  passport.authenticate('google', { failureRedirect: '/login' }),
  (req, res) => {
    res.redirect('/dashboard')
  }
)

// Logout route: since Passport 0.6, req.logout() is asynchronous and takes a callback
app.get('/logout', (req, res, next) => {
  req.logout((error) => {
    if (error) return next(error)
    res.redirect('/')
  })
})

app.listen(3000)
This code configures Google OAuth authentication: users are redirected to Google to log in, then returned to your application's callback URL with an authorization code that the strategy exchanges for tokens and a profile. The strategy callback either finds an existing user or creates a new one from the Google profile information. Passport and the strategy handle the code-for-token exchange and verification of Google's response automatically; session handling and what you persist from the profile remain the application's responsibility.
Best Practice Note:
This is the OAuth implementation pattern we use in CoreUI dashboard applications for seamless social authentication. Always store OAuth tokens securely and implement proper error handling for failed authentication attempts to maintain security and user experience.