Implementing Coinbase Connect (OAuth2) in Node

Adam Napoletano
5 min readApr 27, 2021


This post includes the use of Node.js, Express, PassportJS, Coinbase, and the passport-coinbase-oauth2 Strategy

Last week we discussed utilizing React and PapaParse to import a CSV of crypto trading data into a Rails backend. This week, we’ll go in a different direction and learn how to connect to Coinbase using Coinbase Connect and a Node.js backend. This method (rather than the API) should be used when you’re building an application for others to login. I ended up making this all work within React, but have decided to move forward with a Node.js backend for this Crypto app. I have used MongoDB to store user data, but we don’t go over that in this tutorial. This tutorial assumes basic knowledge of Javascript, Express, NodeJS but I will walk you through them at a basic level.

Creating our App

First, we want to create a new application. We’ll create a new directory, and then run “npm init” to generate a new project, using the default values. Then re run “npm install --save express”. Within this directory we want to create an index.js file. For the purpose of this tutorial we will be working within this folder, but you can easily refactor your code.

Within this index.js file, we want to require our express library, create our first express application, and have our application listen on a certain port. Once we have these very basics complete, we can begin setting our routes and getting familiar with Coinbase Connect.

Coinbase Connect

The basic flow of information can be seen in Coinbase’s documentation. I won’t go through this in detail because they do a pretty good job. Be mindful that the Token URL is incorrect here, it should be . This flow from server to Coinbase’s server is pretty standard for Oauth2, but there is one extra step as Coinbase makes the user exchange the code returned in the initial request for an access token before you can return a user’s data. Most of these steps will fortunately be taken care of with the Passport Authentication library. I have build out a working version of this in React without utilizing the library, and it’s a little trickier!

Let’s install the necessary libraries by running “npm install --save passport passport-coinbase-oauth2 coinbase”. This will install the three necessary libraries and strategies. Let’s now require these libraries in our application, and then use our new strategy…

Before continuing further, make sure to create a Coinbase OAuth2 application here and get a ClientID and Client Secret. We will be creating a redirect route for: http://localhost:3000/auth/coinbase/callback

Now that we have our ClientID and Client Secret, we will create a separate keys.js file that we can add to .git.ignore if we are uploading our project. We don’t want our private keys out in the wild!

Coinbase Strategy

Now let’s pass the correct arguments to the Coinbase Strategy. After reading the documentation, we discover the necessary options that we add to the two CoinbaseStrategy() arguments.

The arguments quickly filled up! We want to pass our ClientID and ClientSecret so Coinbase’s servers know that we are correctly requesting data, we will set our callback URL in the application in the next step, but notice how it matches what we set in Coinbase OAuth2. The next three are standard values, a list of scopes can be found here, and I am still trying to figure out how to call all accounts and not just a single crypto account. I will post an update when I figure this out.

**UPDATE** You don’t have to put the scope and account here — it should be put in the get route as you can see in the image below (explained in the next section):

In the next argument, we can just console log the outputs to ensure we are correctly connecting with the server.

Handling Routes

Next we must handle route handlers so that users get passed into this Passport / Coinbase flow we just set up. Coinbase will call the second URL. We add the following routes:

Testing OAuth2

Now that we have setup most of our flow, let’s see if it’s working correctly. Start your server with “node index.js”, and head to http://localhost:3000/auth/coinbase. This should push you into the flow, and send you to a Coinbase page to sign in. Once you sign in and allow access, it will look like the web page has broken. Go into your terminal, and you should see your access token, refresh token, and profile information logged to the console. Passport helps us through all the authentication intermediary steps, much easier than coding this by hand. If you don’t, go back and check for typos in your code!

If you’re looking to save users or user data, you’re going to want to add some code in the Coinbase strategy where we put the console log.


I hope this was a straightforward setup of OAuth2 for Coinbase for you. Feel free to reach out with any questions you may have!