Presumably you have the auth flow in the new tab finish on a simple page containing a script. What does that script do to notify the original window that the auth flow is finished?
If you open the OAuth flow in a pop-up, with window.open (actually, for most browsers to open a pop-up, the user has to actually click on a link, so your href should be javascript:window.open("https://oauth_start) - target="_blank" might work as well but I can't remember), after the user has completed the authentication and ended back up on your site, you can trigger a function on the parent window and close the pop-up, like window.parent.facebookAuthenticationComplete(); window.close(); I think this is a lot easier and more reliable than pushing anything through a node/pub-sub solution.
I agree; the whole node socket/handshake is a ton of overhead if you're not interested in using the socket to make calls over the API you just authenticated.
You can actually trigger the close function from the window that has been opened. Since it was opened programmatically it can be closed programmatically.
The redirect url from the oauth process (which basically every third party has) is simply a page of ours with close(); inside some javascript tags. Since we opened the window programatically we can close it.
In the front end I just poll every few seconds for the oauth completion and the server says "yup I'm done" or "they're still working on it" :)