
If you are trying to create a local application, here is a sample of how to handle authentication over localhost with Node.js.

If you need to change your app's Redirect URI, note that at this time, the app must be deleted and re-created.

 

What you will need

You will need the software below. The version used for this sample is shown in parentheses.

  1. Node.js (6.11.1) & npm (5.6.0)
  2. openssl (0.9.8h)
  3. Your app information
    1. Redirect URI
    2. Consumer Key

Generating a self-signed certificate

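The openssl command below will generate the key and certificate files you will need later. Put them in a location accessible to the Node app. The -nodes option writes the private key unencrypted, so keep key.pem readable only by the account that runs the app.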

openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out certificate.pem

Note: this sample is specific to apps running on the local machine. The response is sent to the browser only to show that it's working.

 

Setting up the Node.js environment

Create a directory for this app and run the commands below in it.

npm install express --save
npm install request --save

 

The Node.js app

Code for the app:

var fs = require('fs');
var http = require('http');
var https = require('https');
var request = require('request');
var express = require('express');

//SSL cert
var privateKey  = fs.readFileSync('path/to/key.pem', 'utf8');
var certificate = fs.readFileSync('path/to/certificate.pem', 'utf8');
var credentials = {key: privateKey, cert: certificate};

var app = express();

app.get('/', function(req, res, next){

	//the authorization code arrives as a query parameter on the redirect
	if (!req.query.code) {
		return res.status(400).send('Missing code parameter');
	}

	var headers = {
		'Content-Type': 'application/x-www-form-urlencoded'
	};

	var options = {
		//see the Authentication API's Post Access Token method for more information
		url: 'https://api.tdameritrade.com/v1/oauth2/token',
		method: 'POST',
		headers: headers,
		//POST Body params
		form: {
			'grant_type': 'authorization_code',
			'access_type': 'offline',
			'code': req.query.code, //get the code
			'client_id': 'Consumer Key',
			'redirect_uri': 'Redirect URI'
		}
	};

	//Post Access Token request
	request(options, function(error, response, body) {
		if (error) {
			return next(error);
		}
		if (response.statusCode !== 200) {
			return next(new Error('Post Access Token returned HTTP ' + response.statusCode));
		}

		//see Post Access Token response summary for what authReply contains
		var authReply;
		try {
			authReply = JSON.parse(body);
		} catch (parseError) {
			return next(parseError);
		}

		//the line below is for convenience to test that it's working after authenticating
		res.send(authReply);
	});
});

//error handler, registered after the routes so failed token requests get a response
function errorHandler (err, req, res, next) {
	console.error(err);
	res.status(500).send('Token request failed');
}
app.use(errorHandler);

var httpServer = http.createServer(app);
var httpsServer = https.createServer(credentials, app);

//placeholder value: replace with the port of your Redirect URI
var redirectPort = 8443;

//Set to 8080, but can be any port, code will only come over https, even if you specified http in your Redirect URI
httpServer.listen(8080);
httpsServer.listen(redirectPort);

Sample created referencing @samwize.

 

Trying it out

Go to a browser and enter your app's authentication URL in the format below. Remember to URL-encode the variables before adding them to the URL.

https://auth.tdameritrade.com/auth?response_type=code&redirect_uri=Redirect URI&client_id=Consumer Key%40AMER.OAUTHAP

If the app is working, you should see the Post Access Token response in the browser.
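
The helper below is an added example, not part of the original sample. It builds the authentication URL with each value URL-encoded and derives the HTTPS listener port from the Redirect URI, rejecting a Redirect URI that does not point at the local machine. The function names, the sample key and the sample Redirect URI are constructed for illustration, and the code assumes a Node.js release newer than 6.11.1 that provides the global URL class.

```javascript
// Added example, not part of the original sample.
// Assumes a Node.js release with the global WHATWG URL class.
const AUTH_ENDPOINT = 'https://auth.tdameritrade.com/auth';
const LOCAL_HOSTS = ['localhost', '127.0.0.1', '[::1]'];

// Port the HTTPS listener must bind to for the given Redirect URI.
// Rejects a Redirect URI that does not point at the local machine.
function redirectPort(redirectUri) {
  const u = new URL(redirectUri);
  if (u.protocol !== 'https:' && u.protocol !== 'http:') {
    throw new Error('Unsupported Redirect URI scheme: ' + u.protocol);
  }
  if (!LOCAL_HOSTS.includes(u.hostname)) {
    throw new Error('Redirect URI host is not local: ' + u.hostname);
  }
  if (u.port) {
    return Number(u.port);
  }
  // No explicit port in the URI: fall back to the scheme's default port.
  return u.protocol === 'https:' ? 443 : 80;
}

// Authentication URL in the format shown above, each value URL-encoded.
function buildAuthUrl(redirectUri, consumerKey) {
  redirectPort(redirectUri); // validate before building the URL
  const params = [
    ['response_type', 'code'],
    ['redirect_uri', redirectUri],
    ['client_id', consumerKey + '@AMER.OAUTHAP'],
  ];
  const query = params
    .map(function (pair) {
      return pair[0] + '=' + encodeURIComponent(pair[1]);
    })
    .join('&');
  return AUTH_ENDPOINT + '?' + query;
}

// Constructed sample values, not real app credentials.
const sampleRedirect = 'https://localhost:8443';
console.log('listen on port', redirectPort(sampleRedirect));
console.log(buildAuthUrl(sampleRedirect, 'EXAMPLEKEY'));
```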