This sample project demonstrates how a registered app can request authorization from Uphold users to perform actions on their behalf, by using the authorization code OAuth flow. For further background, please refer to the API documentation.
This flow is recommended for web applications that wish to retrieve information about a user's Uphold account, or take actions on their behalf.
This process, sometimes called "3-legged OAuth", requires three steps, each initiated by one of the three actors:
- The user navigates to Uphold's website, following an authorization URL generated by the app, where they log in and authorize the app to access their Uphold account;
- Uphold redirects the user back to the app's website, including a short-lived authorization code in the URL;
- The application's server submits this code to Uphold's API, obtaining a long-lived access token in response. (Since this final step occurs in server-to-server communication, the actual code is never exposed to the browser.)
This example sets up a local server that can be used to perform the OAuth web application flow cycle as described above.
To run this example, you must have:
- Node.js v13.14.0 or later
- An account at https://sandbox.uphold.com
- Run
npm install(oryarn install) - Create an app on Uphold Sandbox
with the redirect URI field set to
https://localhost:3000/callback(you may use a different port number, if you prefer). Note that this demo expects at least theuser:readscope to be activated. - Create a
.envfile based on the.env.examplefile, and populate it with the required data. Make sure to also update theSERVER_PORTif you changed it in the previous step.
- Run
node index.js - Open the URL printed in the command line.
- Attention: Since the certificate used in this demo is self-signed, not all browsers will allow navigating to the page.
You can use Firefox or Safari, which will display a warning but allow you to proceed regardless.
Alternatively, you can navigate to
chrome://flags/#allow-insecure-localhostin Chromium-based browsers, to toggle support for self-signed localhost certificates.
- Attention: Since the certificate used in this demo is self-signed, not all browsers will allow navigating to the page.
You can use Firefox or Safari, which will display a warning but allow you to proceed regardless.
Alternatively, you can navigate to
- Click the link in the page to navigate to Uphold's servers.
- Accept the application's permission request.
Once the authorization is complete and an access token is obtained, the local server will use it to make a test request to the Uphold API. The output will be printed in the command line.