GoPilot support OAuth2 protocol. So you can use GoPilot Single Signon with any web site or app. For this you can use any OAuth2 client library of your choice.

Of course you need to sign up for GoPilot first and then configure SSO Identity Providers of your choice. Also make sure you added an application definition within GoPilot. You can view documentation for these operations here .

In this post, we will examine how you can use the popular Passport.js to configure Single Sign on on your web site.

The flow of the user is as below, just standard OAuth2 flow:

  1. Users will access a login URL on your site and then get redirected to GoPilot  login
  2. User will sign on based on one your configured Single Sign-on Identity Provider.
  3. If this is the first time accessing GoPilot, user will be shown a consent page authorizing GoPilot (hence your site) access basic information such as Name and email. Email is important as this is how we identify the user.
  4. After this, user will be redirected to your site, to your "Callback URL" with an authorization code
  5. Passport will use the access code to get users profile from GoPilot and save user's information into the session within your application.
  6. Anytime later when the user accesses any other URL on your site,  as long as the user session is active, you can access user's information usign request.user value.

The strategy we will use is passport-oauth2 which is a standard strategy provided by Passport.js. We will explore the code section by section.

We start by defining the libraries we depend on. As you can see it is minimal, only express, passport and Node.js request library.

const express = require('express');
const session = require('express-session');
const request = require('request');
const passport = require('passport');
const OAuth2Strategy = require('passport-oauth').OAuth2Strategy;

Then initialize Express and session also tell Express to use passport middleware

const app = express();
    secret: 'somesecretstring',

To use passport sessions(so we can figure out the user as long as the user's session is active, we add standard passport serialize and deserialize functions

passport.serializeUser(function(user, done) {
     done(null, user);

  passport.deserializeUser(function(obj, done) {
    var user = obj 
 done(null, user);

Here comes the crucial code of this exercise. We configure passport OAuth2 strategy by providing the values from GoPilot and the application defined.

passport.use(new OAuth2Strategy({
    authorizationURL: '',
    tokenURL: '',
    clientID: 'XXXXXXXXXX',
    clientSecret: 'XXXXXXXXX',
    callbackURL: "http://localhost:3000/auth/callback"
  function(accessToken, refreshToken, profile, cb) {
            url: ''
          , headers: {
              'Authorization': 'Bearer ' + accessToken
          }, (error, response, body) => {
        if (!error && response.statusCode === 200) {
          //  console.log(body);
        } else {

Above, the URLs are standard GoPilot URLs. They will not change based on your applications. So add them as you see them. As for ClientID and ClientSecret, copy them from the 'Application Detail' page within GoPilot. Callback URL depends on your application where user will return to your application  upon signing on via GoPilot. It matches the Express listening port and a URI of your choice.

Let's configure the first URL within your application where users will access and then get redirected to GoPilot for login


So based on this, when a user accesses '/auth/login' on your site, he/she will be redirected to GoPilot. After signing on (and giving consent first time), user will be redirected to the Callback URL of your site, which you configured in the code above

  passport.authenticate('oauth2', { failureRedirect: '/error' }),
  function(req, res) {
    // Successful authentication, redirect home.

The callback code above uses the authorization code to get the user's profile and save to the session. After that user is redirected to '/' (or any other page of your choice. An example of this is below where you can log the user's profile using request.user object

app.get('/', (request, response) => {

As you can see, you can use this request.user object to understand who the user is in any part of your code.

Now that we logged in the user, let's add a logout URL to give user a chance to logout. When the user hits '/logout' users profile is removed from the session

app.get('/logout', (request, response) => {
     request.logout(); {
  return response.redirect('/');

And of course at the end, the famous listen method for Express

  app.listen(3000, () => console.log('Listening....'));

Try this by accessing http://localhost:3000/auth/login