by tip_of_the_hat 800 days ago
Hey HN, author here.

When I was first learning OAuth, I found that all the guides were text-heavy and lacked code. I personally learn better from code, so I created a code-first guide. Let me know if you have any feedback!

3 comments

It's a decent skeleton for a server-side client. You might consider showing how a token refresh might work.

There is often a need for public client-side implementations as well. Are you planning on making one there? It's mostly the same idea but you do the redirects yourself with CSRF and PKCE.

Yup, planning on expanding to add PKCE and OIDC walkthroughs as well!

I really enjoyed the way you presented that; it really helped me to focus while reading.

This looks great! I'll surely come back to it later.

How much of the process can be pushed to server side? (Sorry, I don't speak JS.)

Pretty much all of it! The JS in this walkthrough is all server-side. I tried to keep the JS itself simple so that someone unfamiliar with the language could have an easy time following the code.

It’s all server side. It’s written using Express, which is a web server framework built on top of Node.js.