NodeJS Setup (5 mins)
For framework specific implementation (like Next.js), please skip this section and go directly to the section with the name of your framework.
This library provides a set of functions and default APIs required for authentication.
An example implementation can be found here.
1️⃣ npm install
npm i -s supertokens-node
2️⃣ Call the init function
At the top of your index.js file, add the following code. Be sure to replace the appInfo content with your specific information (as you did for the frontend).
let supertokens = require("supertokens-node");
let Session = require("supertokens-node/recipe/session");
let ThirdPartyEmailPassword = require("supertokens-node/recipe/thirdpartyemailpassword");
// The provider builders are exported by the same recipe module
let {Google, Github, Facebook} = ThirdPartyEmailPassword;

supertokens.init({
    supertokens: {
        // Address of the SuperTokens Core this backend talks to
        connectionURI: "https://try.supertokens.io",
    },
    appInfo: {
        appName: "YOUR APP NAME", // Example: "SuperTokens",
        apiDomain: "YOUR API DOMAIN", // Example: "https://api.supertokens.io",
        websiteDomain: "YOUR WEBSITE DOMAIN" // Example: "https://supertokens.io"
    },
    recipeList: [
        ThirdPartyEmailPassword.init({
            providers: [
                Google({
                    clientSecret: "GOOGLE_CLIENT_SECRET",
                    clientId: "GOOGLE_CLIENT_ID"
                }),
                Github({
                    clientSecret: "GITHUB_CLIENT_SECRET",
                    clientId: "GITHUB_CLIENT_ID"
                }),
                Facebook({
                    clientSecret: "FACEBOOK_CLIENT_SECRET",
                    clientId: "FACEBOOK_CLIENT_ID"
                })
            ]
        }),
        Session.init() // initializes session features
    ]
});
Make sure that the "CLIENT_SECRET" values in the configuration above are stored in your environment variables and not directly in your JavaScript files, for security reasons.
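One way to follow this advice, as an added example that is not part of the SuperTokens documentation: read the provider credentials from the environment and refuse to start if any are missing or still hold the tutorial placeholder. The helper name loadProviderCredentials and the environment variable names are assumptions chosen to match the placeholders above.

```javascript
// Added example. The environment variable names below are assumptions that
// mirror the placeholder strings used in the init() call above.
const PROVIDER_ENV = {
    google:   { clientId: "GOOGLE_CLIENT_ID",   clientSecret: "GOOGLE_CLIENT_SECRET" },
    github:   { clientId: "GITHUB_CLIENT_ID",   clientSecret: "GITHUB_CLIENT_SECRET" },
    facebook: { clientId: "FACEBOOK_CLIENT_ID", clientSecret: "FACEBOOK_CLIENT_SECRET" },
};

// Hypothetical helper: returns { google: {clientId, clientSecret}, ... }
// or throws before the server starts with an incomplete configuration.
function loadProviderCredentials(env = process.env) {
    const creds = {};
    const problems = [];
    for (const [provider, vars] of Object.entries(PROVIDER_ENV)) {
        creds[provider] = {};
        for (const [field, varName] of Object.entries(vars)) {
            const value = (env[varName] || "").trim();
            if (value === "") {
                problems.push(`${varName} is not set`);
            } else if (value === varName) {
                // Catches the tutorial placeholder copied into the environment.
                problems.push(`${varName} still holds the placeholder value`);
            } else {
                creds[provider][field] = value;
            }
        }
    }
    if (problems.length > 0) {
        // Report variable names only, never the values, so secrets stay out of logs.
        throw new Error("OAuth provider configuration incomplete: " + problems.join("; "));
    }
    return creds;
}

// Usage with the init() call above:
//   const creds = loadProviderCredentials();
//   providers: [Google(creds.google), Github(creds.github), Facebook(creds.facebook)]
```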
If you noticed, we used https://try.supertokens.io as the connectionURI above. This is a Core that we are hosting for the demo app.
You can continue to use this for as long as you like, but once you are more committed to using SuperTokens, you will need to run a Core dedicated for your app.
3️⃣ Add the SuperTokens and CORS middleware
Add the middleware BEFORE all your routes.
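let express = require("express");
let cors = require("cors");
let supertokens = require("supertokens-node");

supertokens.init({...}) // from step 2

// Same value as websiteDomain in appInfo (step 2)
let websiteUrl = "YOUR WEBSITE DOMAIN";

let app = express();

// ...other middlewares

app.use(cors({
    // Must be an explicit origin: browsers reject a wildcard origin when credentials are enabled
    origin: websiteUrl,
    allowedHeaders: ["content-type", ...supertokens.getAllCORSHeaders()],
    credentials: true,
}));

app.use(supertokens.middleware());

// ...your API routes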
This middleware automatically adds a few APIs:
- POST /auth/signinup: For signing up/signing in a user using a thirdparty provider.
- POST /auth/signup: For signing up a user with email & password
- POST /auth/signin: For signing in a user with email & password
- More APIs can be found here:
/auth/ is a base path that can be changed if you want.
4️⃣ Add the SuperTokens error handler
Add the errorHandler AFTER all your routes, but BEFORE your error handler
// ...your API routes
app.use(supertokens.errorHandler())
// your own error handler
app.use((err, req, res, next) => {...});
5️⃣ Test if sign up is set up correctly
- Go to the /auth route of your website
- Try to sign up.
- If after signing up, you are redirected to /, everything is set up correctly 😁
- If not, don't worry, you can always ask for help via Github issues or via our Discord
6️⃣ Add session verification
For your APIs that require a user to be logged in, use the verifySession middleware:
let Session = require("supertokens-node/recipe/session");

app.post("/like-comment", Session.verifySession(), (req, res) => {
    let userId = req.session.getUserId();
    //....
});
Minimum setup completed 🎉🥳
Congratulations! You now have a fully functional login and session system!
The next step is to set up your SuperTokens core instance.