Go to Console
Star on GitHub 43.6K Get started

OAuth authentication with SSR

To support the OAuth flow, we first redirect the user to the OAuth provider, and then handle the callback from the OAuth provider.

To redirect, add a button to our sign up page that redirects the user to the OAuth provider.

Vue
<!-- pages/signup.vue -->

<!-- ... existing sign up form -->

<form action="/api/oauth" method="post">
  <input type="hidden" name="provider" value="github" />
  <button type="submit">Sign up with GitHub</button>
</form>

Add a new server route to handle the redirect.

JavaScript
// server/routes/api/oauth.post.js
import { createAdminClient } from "~/server/lib/appwrite";

export default defineEventHandler(async (event) => {
  const config = useRuntimeConfig(event);
  const { account } = createAdminClient();

  const redirectUrl = await account.createOAuth2Token(
    "github", // OAuth provider
    `${config.public.appwriteEndpoint}/api/oauth`, // Success URL: redirect back to the /oauth route
    `${config.public.appwriteEndpoint}/signup`      // Failure URL: redirect to the sign up page
  );

  // Redirect the user to the OAuth provider authorization page
  await sendRedirect(event, redirectUrl);
});

The createOAuth2Token method redirects the user to the OAuth provider, and then the OAuth provider redirects the user back to the /oauth route with the userId and secret URL query parameters.

Handle the callback and create a session for the user. Create a new server route at server/routes/api/oauth.get.js.

JavaScript
// server/routes/api/oauth.post.js
import { SESSION_COOKIE, createAdminClient } from "~/server/lib/appwrite";

export default defineEventHandler(async (event) => {
  // Extract the userId and secret from the URL query parameters
  const { userId, secret } = getQuery(event);
  if (!userId || !secret) {
    return sendRedirect(event, "/signup");
  }

  // Create the Appwrite client
  const { account } = createAdminClient();

  // Exchange the token userId and secret for a session
  const session = await account.createSession(userId, secret);

  // Set the session cookie
  setCookie(event, SESSION_COOKIE, session.secret, {
    expires: new Date(session.expire),
    path: "/",
    httpOnly: true,
    secure: true,
    sameSite: "strict",
  });

  // Redirect the user to the account page
  await sendRedirect(event, "/account");
});
Step 6: Create account page Step 8: All set
Was this page helpful?
Copyright © 2024 Appwrite