In this tutorial you will learn how to add social logins (OAuth) to your AngularJS app. If users choose to log in through a social network, authentication is done through OAuth. However, once the identity of the user is confirmed, the rest of the process is token-based. This tutorial can be used with the e-commerce app we created earlier.

Some of the node modules (npm) that we are using in this tutorial are as follows:

  • passport-facebook: Facebook authentication strategy
  • passport-twitter: Twitter authentication strategy
  • passport-google-oauth: Google (OAuth) authentication strategies

OK, so let's get started. Let me explain the user model we are going to use in this tutorial.

The user model

The following is an excerpt of the user model. It comes preloaded with all the methods that we need for authentication and validations:

/* server/api/user/user.model.js (excerpt) */

var mongoose = require('mongoose');
var Schema = mongoose.Schema;
var crypto = require('crypto');
var authTypes = ['github', 'twitter', 'facebook', 'google'];

var UserSchema = new Schema({
  name: String,
  email: { type: String, lowercase: true },
  role: {
    type: String,
    default: 'user'
  },
  hashedPassword: String,
  provider: String,
  salt: String,
  facebook: {},
  twitter: {},
  google: {},
  github: {}
});

// Virtual "password" field: never persisted; setting it derives the salt and hash
UserSchema
  .virtual('password')
  .set(function(password) {
    this._password = password;
    this.salt = this.makeSalt();
    this.hashedPassword = this.encryptPassword(password);
  })
  .get(function() {
    return this._password;
  });

UserSchema.methods = {
  // Re-derive the hash from the candidate password and compare it with the stored one
  authenticate: function(plainText) {
    return this.encryptPassword(plainText) === this.hashedPassword;
  },

  // 16 random bytes from the CSPRNG, base64-encoded for storage
  makeSalt: function() {
    return crypto.randomBytes(16).toString('base64');
  },

  // PBKDF2 with 10000 iterations and a 64-byte output, base64-encoded
  encryptPassword: function(password) {
    if (!password || !this.salt) return '';
    var salt = Buffer.from(this.salt, 'base64');
    // Current Node.js requires an explicit digest; 'sha1' is what older versions used by default
    return crypto.pbkdf2Sync(password, salt, 10000, 64, 'sha1').toString('base64');
  }
};

A plain text password should never be saved to the database. Thus, we always save a one-way hash of the password (the value the model calls hashedPassword) instead. Furthermore, a salt parameter is added to the password hashing mechanism for extra security.

Password salt (Important Note)

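The purpose of adding a salt is to protect users with a simple password (dictionary words). A salt is random data generated to be used along with the password in the one-way hashing function, so the same password produces a different result for every user and a precomputed table of hashed dictionary words cannot be matched against the stored values. The end result is a hashed password, which is the one that is stored in the database.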
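The effect of the per-user salt described above, as an added example that is not part of the original tutorial or its user model: three accounts with the same dictionary password get three different stored hashes, and verification uses a constant-time comparison. The helper names createRecord and sharedHashes, the sample data, and the 'sha1' digest are assumptions.

```javascript
const crypto = require('crypto');

// Same parameters as the user model; 'sha1' is an assumption (the digest
// older Node.js versions used when pbkdf2Sync was called without one).
const ITERATIONS = 10000, KEY_LEN = 64, DIGEST = 'sha1';

function makeSalt() {
  return crypto.randomBytes(16).toString('base64');
}

function hashPassword(password, saltB64) {
  const salt = Buffer.from(saltB64, 'base64');
  return crypto.pbkdf2Sync(password, salt, ITERATIONS, KEY_LEN, DIGEST)
    .toString('base64');
}

// Hypothetical helper: the { salt, hashedPassword } pair the schema stores.
function createRecord(password, salt = makeSalt()) {
  return { salt, hashedPassword: hashPassword(password, salt) };
}

// Like authenticate() in the model, but compared in constant time.
function authenticate(record, plainText) {
  if (!plainText || !record.salt) return false;
  const stored = Buffer.from(record.hashedPassword, 'base64');
  const candidate = Buffer.from(hashPassword(plainText, record.salt), 'base64');
  return stored.length === candidate.length &&
    crypto.timingSafeEqual(stored, candidate);
}

// Audit check: number of stored hash values shared by more than one account.
function sharedHashes(records) {
  const counts = new Map();
  for (const r of records) {
    counts.set(r.hashedPassword, (counts.get(r.hashedPassword) || 0) + 1);
  }
  return [...counts.values()].filter((n) => n > 1).length;
}

// Constructed sample: three accounts that all chose the same dictionary word.
const users = ['alice', 'bob', 'carol'];
const perUserSalt = users.map(() => createRecord('sunshine'));
const fixedSalt = makeSalt();
const oneSaltForAll = users.map(() => createRecord('sunshine', fixedSalt));

console.log('shared hashes, per-user salt:', sharedHashes(perUserSalt));
console.log('shared hashes, one salt for all:', sharedHashes(oneSaltForAll));
console.log('correct password accepted:', authenticate(perUserSalt[0], 'sunshine'));
console.log('wrong password rejected:', !authenticate(perUserSalt[0], 'sunshin3'));
```

With a salt generated per user, the audit count is 0 even though every account uses the same password; with one salt reused for all accounts, the identical hashes show which accounts share a password.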