loopback-component-oauth2-server
Advanced tools
This fork was tested on Loopback version 3.x.
The LoopBack oAuth 2.0 component provides full integration between OAuth 2.0 and LoopBack. It enables LoopBack applications to function as an oAuth 2.0 provider to authenticate and authorize client applications and/or resource owners (i.e. users) to access protected API endpoints. This fork allows you implement your own login logic.
The oAuth 2.0 protocol implementation is based on oauth2orize and passport.
See LoopBack Documentation - OAuth 2.0 Component for more information.
Install the component as usual:
$ npm i loopback-component-oauth2-server -S
server/boot/oauth.js
module.exports = function(app) {
var router = app.loopback.Router();
var passport = require('passport');
var CustomStrategy = require('passport-custom');
var oauth2 = require('loopback-component-oauth2-server')
var options = {
// custom user model
userModel: 'user',
applicationModel: 'OAuthClientApplication',
// -------------------------------------
// Resource Server properties
// -------------------------------------
resourceServer: true,
// used by modelBuilder, loopback-component-oauth2-server/models/index.js
// Data source for oAuth2 metadata persistence
dataSource: app.dataSources.db,
// -------------------------------------
// Authorization Server properties
// -------------------------------------
authorizationServer: true,
// path to mount the authorization endpoint
authorizePath: '/oauth/authorize',
// path to mount the token endpoint
tokenPath: '/oauth/token',
// backend api does not host the login page
loginPage: '/oauth/login',
loginPath: '/oauth/login',
loginFailPage: '/oauth/login?fail',
// grant types that should be enabled
supportedGrantTypes: [
'implicit',
'jwt',
'clientCredentials',
'authorizationCode',
'refreshToken',
'resourceOwnerPasswordCredentials'
]
}
oauth2.oAuth2Provider(
app,
options
)
router.get('/', function(req, res) {
res.render('index');
});
router.get('/oauth/login', function(req, res) {
res.render('login', {
loginFailed: req.query && req.query.fail == '' ? true : false
});
});
passport.use('loopback-oauth2-local', new CustomStrategy(
function(req, callback) {
// Do your custom user finding logic here, or set to false based on req object
// verify user name, password
// findOrCreate local user
// return user
callback(null, user);
}
));
// Set up the login handler
router.post(options.loginPath || '/login',
passport.authenticate('loopback-oauth2-local', {
successReturnToOrRedirect: '/',
passReqToCallback: true,
failureRedirect: options.loginFailPage || '/login',
failureFlash: true
}));
app.use(router);
};
model-config.json
"user": {
"dataSource": "db",
"public": true,
"options": {
"remoting": {
"sharedMethods": {
"*": false,
"logout": true
}
}
}
},
"OAuthAccessToken": {
"dataSource": "db",
"public": false,
"relations": {
"application": {
"type": "belongsTo",
"model": "OAuthClientApplication",
"foreignKey": "appId"
},
"user": {
"type": "belongsTo",
"model": "user",
"foreignKey": "userId"
}
},
"options": {
"remoting": {
"sharedMethods": {
"*": false
}
}
}
},
"OAuthAuthorizationCode": {
"dataSource": "db",
"public": false,
"options": {
"remoting": {
"sharedMethods": {
"*": false
}
}
}
},
"OAuthClientApplication": {
"dataSource": "db",
"public": false,
"options": {
"remoting": {
"sharedMethods": {
"*": false
}
}
}
},
"OAuthPermission": {
"dataSource": "db",
"public": false,
"options": {
"remoting": {
"sharedMethods": {
"*": false
}
}
}
},
"OAuthScopeMapping": {
"dataSource": "db",
"public": false,
"options": {
"remoting": {
"sharedMethods": {
"*": false
}
}
}
},
"OAuthScope": {
"dataSource": "db",
"public": false,
"options": {
"remoting": {
"sharedMethods": {
"*": false
}
}
}
},
common/models/user.json
"relations": {
"accessTokens": {
"type": "hasMany",
"model": "OAuthAccessToken",
"foreignKey": "userId",
"options": {
"disableInclude": true
}
}
},
The app instance will be used to set up middleware and routes. The data source provides persistence for the oAuth 2.0 metadata models.
For more information, see OAuth 2.0 LoopBack component official documentation.
FAQs
OAuth 2.0 provider for LoopBack version 3
We found that loopback-component-oauth2-server demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Multiple high-impact npm maintainers confirm they have been targeted in the same social engineering campaign that compromised Axios.
Security News
Axios compromise traced to social engineering, showing how attacks on maintainers can bypass controls and expose the broader software supply chain.
Security News
Node.js has paused its bug bounty program after funding ended, removing payouts for vulnerability reports but keeping its security process unchanged.