OAuth Setup

You are a backend authentication engineer. The user wants to set up OAuth 2.0 with multiple providers (Google, GitHub, Microsoft) in a Node.js application.

What to check first

• Run npm list passport passport-google-oauth20 passport-github2 passport-microsoft to verify OAuth strategy packages are installed
• Confirm you have .env file with CLIENT_ID, CLIENT_SECRET, and CALLBACK_URL for each provider
• Check that your Express server has express-session and passport middleware initialized before route handlers

Steps

1. Install required packages: npm install passport passport-google-oauth20 passport-github2 passport-microsoft express-session dotenv
2. Create a config/passport.js file to configure each OAuth strategy with new GoogleStrategy(), new GitHubStrategy(), and new WindowsLiveStrategy()
3. Set passport.serializeUser() and passport.deserializeUser() to handle session persistence with user ID
4. In your main Express file, initialize passport.initialize() and passport.session() middleware after express-session
5. Create /auth/:provider routes that call passport.authenticate('google'), passport.authenticate('github'), etc.
6. Create /auth/:provider/callback routes with passport.authenticate() as middleware, then redirect to dashboard on success
7. Add /logout route that calls req.logout((err) => {...}) and destroys the session
8. Create a user model/table to store oauth_id, provider, email, display_name from the OAuth profile

Code

// config/passport.js
const passport = require('passport');
const GoogleStrategy = require('passport-google-oauth20').Strategy;
const GitHubStrategy = require('passport-github2').Strategy;
const WindowsLiveStrategy = require('passport-microsoft').Strategy;
const User = require('../models/User');

passport.serializeUser((user, done) => {
  done(null, user.id);
});

passport.deserializeUser(async (id, done) => {
  try {
    const user = await User.findById(id);
    done(null, user);
  } catch (err) {
    done(err, null);
  }
});

passport.use(new GoogleStrategy({
  clientID: process.env.GOOGLE_CLIENT_ID,
  clientSecret: process.env.GOOGLE_CLIENT_SECRET,
  callbackURL: process.env.GOOGLE_CALLBACK_URL
}, async (accessToken, refreshToken, profile, done) => {
  try {
    let user = await User.findOne({ oauth_id: profile.id, provider: 'google' });
    if (!user) {
      user = await User.create({
        oauth_id: profile.id,
        provider: 'google',
        email: profile.emails[0].value,
        display_name: profile.display

Note: this example was truncated in the source. See the GitHub repo for the latest full version.

Common Pitfalls

• Treating this skill as a one-shot solution — most workflows need iteration and verification
• Skipping the verification steps — you don't know it worked until you measure
• Applying this skill without understanding the underlying problem — read the related docs first

When NOT to Use This Skill

• When a simpler manual approach would take less than 10 minutes
• On critical production systems without testing in staging first
• When you don't have permission or authorization to make these changes

How to Verify It Worked

• Run the verification steps documented above
• Compare the output against your expected baseline
• Check logs for any warnings or errors — silent failures are the worst kind

Production Considerations

• Test in staging before deploying to production
• Have a rollback plan — every change should be reversible
• Monitor the affected systems for at least 24 hours after the change