@jmondi/oauth2-server

TypeScript OAuth2.0 Server

@jmondi/oauth2-server is a standards compliant implementation of an OAuth 2.0 authorization server written in TypeScript.

Requires node >= 18. Read the docs

The following RFCs are implemented:

• RFC6749 "OAuth 2.0"
• RFC6750 "The OAuth 2.0 Authorization Framework: Bearer Token Usage"
• RFC7009 "OAuth 2.0 Token Revocation"
• RFC7519 "JSON Web Token (JWT)"
• RFC7636 "Proof Key for Code Exchange by OAuth Public Clients"
• RFC7662 "OAuth 2.0 Token Introspection"
• RFC8693 "OAuth 2.0 Token Exchange"

Out of the box it supports the following grants:

• Authorization code grant
• Client credentials grant
• Refresh grant
• Implicit grant // not recommended
• Resource owner password credentials grant // not recommended

Framework support:

The included adapters are just helper functions, any framework should be supported. Take a look at the adapter implementations to learn how you can create custom adapters for your favorite tool!

• VanillaJS
• Express
• Fastify.

Example implementations:

• Simple
• Advanced

Security

Version	Latest Version	Security Updates
3.x	:tada:	:tada:
2.x		:tada:

Migration Guide

• v1 to v2
• v2 to v3

Thanks

This project is inspired by the PHP League's OAuth2 Server. Check out the PHP League's other packages for some other great PHP projects.

Star History