Authorizing via OAuth

The Trello API supports basic OAuth; you can use an OAuth library and the following URLs:

You’ll also need your application secret (used to sign your requests). That’s listed in the second box on


Here’s an example in CoffeeScript:

http = require('http')
OAuth = require('oauth').OAuth
url = require('url')

#run locally on a port that probably isn't taken
domain = ""
port = 6080

requestURL = ""
accessURL = ""
authorizeURL = ""
appName = "Trello OAuth Example"

#replace these with your application key/secret
key = "YOURKEY"
secret = "YOURSECRET"

#Trello redirects the user here after authentication
loginCallback = "http://#{domain}:#{port}/cb"

#need to store token: tokenSecret pairs; in a real application, this should be more permanent (redis would be a good choice)
oauth_secrets = {}

oauth = new OAuth(requestURL, accessURL, key, secret, "1.0", loginCallback, "HMAC-SHA1")

login = (req, res) ->
  oauth.getOAuthRequestToken (error, token, tokenSecret, results) =>
    oauth_secrets[token] = tokenSecret
    res.writeHead(302, { 'Location': "#{authorizeURL}?oauth_token=#{token}&name=#{appName}" })

cb = (req, res) ->
  query = url.parse(req.url, true).query

  token = query.oauth_token
  tokenSecret = oauth_secrets[token]
  verifier = query.oauth_verifier

  oauth.getOAuthAccessToken token, tokenSecret, verifier, (error, accessToken, accessTokenSecret, results) ->
    #in a real app, the accessToken and accessTokenSecret should be stored
    oauth.getProtectedResource("", "GET", accessToken, accessTokenSecret, (error, data, response) ->
      #respond with data to show that we now have access to your data

http.createServer( (req, res) ->
  if /^\/login/.test(req.url)
    login(req, res)
  else if /^\/cb/.test(req.url)
    cb(req, res)
    res.end("Don't know about that")
).listen(port, domain)

console.log "Server running at #{domain}:#{port}; hit #{domain}:#{port}/login"

Documentation Home


You are here: