ThirdAuth: A Simple and Secure Third-Party Authentication Library for Apple, Google, LinkedIn, SnapChat and X (Twitter) for Server-Side Node.js

Behrad Kazemi
Aug 16, 2024

In today’s digital world, user authentication is one of the most critical aspects of application development. As users demand convenience and flexibility, developers must integrate third-party authentication methods (like Apple, Google, SnapChat, LinkedIn and Twitter) to provide seamless user login experiences.

However, managing multiple authentication flows can be tedious and complex. Enter ThirdAuth, a TypeScript-based library that aims to simplify and securely handle third-party authentication for Apple, Google, SnapChat, LinkedIn and X (formerly Twitter).

In this article, we’ll introduce ThirdAuth, highlight its key features, demonstrate how to use it with popular OAuth providers, and explain why it could be a game-changer for developers handling third-party sign-ins.

What Is ThirdAuth?

ThirdAuth is an NPM package designed to make third-party authentication easier and more secure for developers working with Apple, Google, SnapChat, LinkedIn and X. It provides a unified interface for managing OAuth flows and automatically handles the intricacies of client secrets, token exchanges, and API interactions.

Whether you’re dealing with single or multiple OAuth providers, ThirdAuth makes the implementation of user sign-ins seamless, taking the headache out of maintaining various authentication workflows.

Key Features of ThirdAuth

1. Multi-Provider Support: Easily integrate Apple, Google, SnapChat, LinkedIn and X authentication handlers into your application.
2. Simplified User Credential Validation: Validate tokens and authorization codes securely and efficiently with a few lines of code.
3. Multiple Account Support: Need to manage multiple accounts or client IDs for a single provider? No problem! ThirdAuth supports multiple handlers per provider.
4. Automatic Apple Client Secret Management: For Apple Sign-In, ThirdAuth periodically updates the client secret, so you don’t have to worry about expiration and renewal.
5. TypeScript Compatibility: Fully written in TypeScript, offering strong typing and making the code safer and easier to maintain.

Installation

Getting started with ThirdAuth is simple. First, install the package using NPM:

npm install third-auth

Once installed, you’re ready to start configuring authentication handlers for Apple, Google, SnapChat, LinkedIn or X.

Example Usage of ThirdAuth

Apple Sign-In

ThirdAuth provides an easy way to register an Apple Sign-In handler. Here’s a quick example:

ThirdAuth.registerHandler({
  clientId: 'config.apple.clientId',
  clientSecret: 'config.apple.clientSecret',
  keyId: 'config.apple.keyId',
  teamId: 'config.apple.teamId',
  privateKey: 'config.apple.privateKey',
}, ThirdPartyType.Apple);

Once the handler is registered, you can validate the user credentials as follows:

const payload = await ThirdAuth
  .getAppleHandler('config.apple.clientId')
  .validateUserCredentials({ authorizationCode: loginDto.authorizationCode });

Google Sign-In

To register a Google Sign-In handler, the process is equally straightforward:

ThirdAuth.registerHandler({
  clientId: 'config.google.clientId',
  clientSecret: 'config.google.clientSecret',
}, ThirdPartyType.GOOGLE);

To validate a user’s ID token:

const payload = await ThirdAuth
  .getGoogleHandler('config.google.clientId')
  .validateUserCredentials({ idToken: loginDto.idToken });

X (Twitter) Sign-In

For X (Twitter), you can register a handler and validate credentials like this:

ThirdAuth.registerHandler({
  clientId: 'config.x.clientId',
  clientSecret: 'config.x.clientSecret',
  redirectURI: 'config.x.redirectURI',
}, ThirdPartyType.X);

const payload = await ThirdAuth
  .getXHandler('config.x.clientId')
  .validateUserCredentials({ authorizationCode: loginDto.authorizationCode });

SnapChat Sign-In

For SnapChat, you can register a handler and validate credentials like this:

ThirdAuth.registerHandler({
  clientId: 'config.snapChat.clientId',
  clientSecret: 'config.snapChat.clientSecret',
  redirectURI: 'config.snapChat.redirectURI',
}, ThirdPartyType.SnapChat);

const payload = await ThirdAuth
  .getSnapChatHandler('config.snapChat.clientId')
  .validateUserCredentials({ authorizationCode: loginDto.authorizationCode });

LinkedIn Sign-In

Finally, for LinkedIn, you can register a handler and validate credentials like this:

ThirdAuth.registerHandler({
  clientId: 'config.linkedIn.clientId',
  clientSecret: 'config.linkedIn.clientSecret',
  redirectURI: 'config.linkedIn.redirectURI',
}, ThirdPartyType.LinkedIn);

const payload = await ThirdAuth
  .getLinkedInHandler('config.linkedIn.clientId')
  .validateUserCredentials({ authorizationCode: loginDto.authorizationCode });

Managing Multiple Accounts

If you’re dealing with multiple Apple, Google, SnapChat, LinkedIn or X accounts, ThirdAuth lets you register different handlers for each account. Here’s how to do it for Apple:

ThirdAuth.registerHandler({
  clientId: 'config.apple.clientId.2',
  clientSecret: 'config.apple.clientSecret.2',
  keyId: 'config.apple.keyId.2',
  teamId: 'config.apple.teamId.2',
  privateKey: 'config.apple.privateKey.2',
}, ThirdPartyType.Apple);

const payload = await ThirdAuth
  .getAppleHandler('config.apple.clientId.2')
  .validateUserCredentials({ authorizationCode: loginDto.authorizationCode });

This capability is especially useful if you need to manage multiple environments or have different OAuth clients for various segments of your application.
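With several client IDs registered for one provider, the server has to confirm that an ID token was issued for one of its own clients before trusting it. The block below is an added example, not ThirdAuth's code, and it goes beyond the Apple case above to cover Google and Apple ID tokens; it assumes the token's signature has already been verified, and the function names and sample values are hypothetical.

```javascript
// Added example, not ThirdAuth's code. `payload` is an ID-token payload whose
// signature has ALREADY been verified against the provider's published keys.
const ISSUERS = new Map([
  ['google', ['https://accounts.google.com', 'accounts.google.com']],
  ['apple', ['https://appleid.apple.com']],
]);

// Returns the registered client ID the token was issued for, or throws.
function checkIdTokenClaims(payload, provider, registeredClientIds, nowSec, skewSec = 60) {
  const issuers = ISSUERS.get(provider);
  if (!issuers) throw new Error('unknown provider');
  if (!issuers.includes(payload.iss)) throw new Error('unexpected issuer');
  // The audience must be one of OUR client IDs; a token minted for another
  // application is validly signed by the provider but is not meant for us.
  if (typeof payload.aud !== 'string' || !registeredClientIds.includes(payload.aud)) {
    throw new Error('audience is not a registered client');
  }
  if (typeof payload.exp !== 'number' || payload.exp + skewSec <= nowSec) {
    throw new Error('token expired');
  }
  if (typeof payload.iat === 'number' && payload.iat - skewSec > nowSec) {
    throw new Error('token issued in the future');
  }
  if (typeof payload.sub !== 'string' || payload.sub === '') {
    throw new Error('missing subject');
  }
  return payload.aud;
}

// Wrapper that reports the outcome as a string instead of throwing.
function describeCheck(payload, provider, registeredClientIds, nowSec) {
  try {
    return 'accepted for ' + checkIdTokenClaims(payload, provider, registeredClientIds, nowSec);
  } catch (err) {
    return 'rejected: ' + err.message;
  }
}

// Constructed sample data: two registered Google clients and one payload.
const NOW = 1723800000;
const GOOGLE_CLIENTS = ['web-client.example', 'mobile-client.example'];
const samplePayload = {
  iss: 'https://accounts.google.com',
  aud: 'mobile-client.example',
  sub: '1000000000000000001',
  iat: NOW - 30,
  exp: NOW + 3570,
};
```

The returned client ID is the value to key the account lookup on, so a session is never created under a client the token was not issued for.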

Apple Client Secret Updates

One of the trickiest aspects of integrating Apple Sign-In is managing the expiration of client secrets. ThirdAuth removes this burden by automatically updating the Apple client secret for you:

await ThirdAuth.updateAppleClientSecrets();

This ensures that your app always has a valid client secret, removing the need for manual updates and reducing the risk of users being unable to authenticate.
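An Apple client secret is an ES256-signed JWT whose `exp` Apple accepts at most 15777000 seconds (about six months) ahead, so a deployment can monitor the secret it currently holds. The block below is an added example, not ThirdAuth's code: it inspects a secret's header and claims without verifying or producing the signature, and the `expected` shape, function names and sample IDs are hypothetical.

```javascript
// Added example, not ThirdAuth's code. It inspects an Apple client secret
// (an ES256-signed JWT) and does not verify or produce the signature.
const APPLE_AUD = 'https://appleid.apple.com';
const APPLE_MAX_AHEAD_SEC = 15777000; // Apple rejects exp further ahead (~6 months)

function decodePart(b64url) {
  const value = JSON.parse(Buffer.from(b64url, 'base64url').toString('utf8'));
  if (value === null || typeof value !== 'object') throw new Error('not an object');
  return value;
}

// expected = { teamId, clientId, keyId } (hypothetical shape for this example).
// Returns { rotate, reason }; rotate is true when a new secret must be issued.
function clientSecretStatus(jwt, expected, nowSec, marginSec = 7 * 24 * 3600) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) return { rotate: true, reason: 'not a compact JWT' };
  let header, claims;
  try {
    header = decodePart(parts[0]);
    claims = decodePart(parts[1]);
  } catch (err) {
    return { rotate: true, reason: 'undecodable JWT' };
  }
  if (header.alg !== 'ES256' || header.kid !== expected.keyId) {
    return { rotate: true, reason: 'wrong alg or key ID' };
  }
  if (claims.iss !== expected.teamId || claims.sub !== expected.clientId ||
      claims.aud !== APPLE_AUD) {
    return { rotate: true, reason: 'claims do not match this client' };
  }
  if (typeof claims.exp !== 'number') return { rotate: true, reason: 'missing exp' };
  if (claims.exp - nowSec > APPLE_MAX_AHEAD_SEC) {
    return { rotate: true, reason: 'exp beyond Apple maximum' };
  }
  if (claims.exp - nowSec <= marginSec) {
    return { rotate: true, reason: 'expires within margin' };
  }
  return { rotate: false, reason: 'ok' };
}

// Constructed sample: placeholder IDs and a dummy signature segment.
const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const sampleSecret = (iat, exp) => [
  b64({ alg: 'ES256', kid: 'KEYID00000' }),
  b64({ iss: 'TEAMID0000', sub: 'com.example.web', aud: APPLE_AUD, iat, exp }),
  'c2lnbmF0dXJl',
].join('.');
const EXPECTED = { teamId: 'TEAMID0000', clientId: 'com.example.web', keyId: 'KEYID00000' };
```

Running a check like this on a schedule, and alerting when `rotate` is true, surfaces a stale or mismatched secret before sign-ins start failing.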

Why Use ThirdAuth?

There are numerous libraries out there for handling third-party authentication, but ThirdAuth stands out for several reasons:

- Unified Interface: A single, consistent API for multiple providers reduces the complexity and confusion often associated with OAuth flows.
- TypeScript First: Written with TypeScript in mind, ThirdAuth provides the type safety that modern JavaScript developers rely on for building reliable and maintainable applications.
- Scalability: Whether you’re managing one OAuth client or multiple, ThirdAuth scales with your needs.

Conclusion

Third-party authentication is a must-have for most applications, but it doesn’t have to be complicated. ThirdAuth offers a simple, secure, and flexible way to manage Apple, Google, SnapChat, LinkedIn and X (Twitter) sign-ins. With features like multiple handler support, automatic Apple client secret updates, and a unified API, ThirdAuth is a must-try for any developer looking to streamline their OAuth flows.

Whether you’re building an app for a startup or a large enterprise, ThirdAuth simplifies third-party authentication and helps you focus on what matters — building great user experiences.

Try it out today by installing it via NPM:

npm install third-auth

Happy coding!

Useful Links:

Github Repository

NPM Package
