const express = require('express');
const { OneAccount } = require('oneaccount-express');
const Redis = require('ioredis');
const redis = new Redis();
let oneaccount = new OneAccount({
// If engine is not provided an in-memory engine will be used.
// For production it is recommended to provide an engine:
// for this example we will use redis but any other database could be used
// for best results the timeout should match the timeout
// set in frontend (updateInterval option, default: 3 minutes)
set: (k,v) => redis.set(k, v, "EX", 3 * 60),
let v = redis.get(k); redis.del(k); return v;
// The route URL is the callback URL you have set when you created One account app.
app.post('/oneaccountauth', oneaccount.auth, (req, res, next) => {
// NOTE: req.oneaccount is set when a user is authenticated,
// so never return code 200 if this object is not present
return res.status(401).json({ error: 'unauthorized' });
// a user is authenticated and you can implement any logic your application
// needs. req.oneaccount holds data sent by the user
// after successful authentication
// since One account doesn't differentiate between sign up and sign in,
// you can use userId to check if the user signed up already on your website or not.
// the same way you can access any other data you requested from the user:
const { userId, firstName } = req.oneaccount;
// the object contains all fields (camelCased) that are defined in the app (Requested data)
// any data returned here would be sent to oneaccount-authenticated event on front-end e.g.:
return res.json({ firstName });
// OPTIONAL: in addition you can read error messages if any occured
app.use((err, req, res, next) => {
console.error(err.devMessage);
if (!err.status) err.status = 500;
res.status(err.status).send(err.message);
app.listen(process.env.PORT || 3000);