node-oauth2-server
Advanced tools
Complete, compliant and well tested module for implementing an OAuth2 Server/Provider with express in node.js
Complete, compliant and well tested module for implementing an OAuth2 Server/Provider with express in node.js
$ npm install node-oauth2-server
The module provides two middlewares, one for authorization and routing, another for error handling, use them as you would any other middleware:
var express = require('express'),
oauthserver = require('node-oauth2-server');
var app = express();
app.configure(function() {
var oauth = oauthserver({
model: {}, // See below for specification
grants: ['password'],
debug: true
});
app.use(express.bodyParser()); // REQUIRED
app.use(oauth.handler());
app.use(oauth.errorHandler());
});
app.get('/', function (req, res) {
res.send('Secret area');
});
app.listen(3000);
After running with node, visting http://127.0.0.1:3000 should present you with a json response saying your access token could not be found.
Note: As no model was actually implemented here, delving any deaper, i.e. passing an access token, will just cause a server error. See below for the specification of what's required from the model.
model Object Model object (see below)allow Array|Object Either an array (['/path1', '/path2']) or objects or arrays keyed by method ({ get: ['/path1'], post: ['/path2'], all: ['/path3'] }) of paths to allow to bypass authorisation. (Does not currently support regex)grants Array grant types you wish to support, currently the module only supports passworddebug Boolean Whether to log errors to consoleaccessTokenLifetime Number Life of access tokens in seconds (defaults to 3600)refreshTokenLifetime Number Life of refresh tokens in seconds (defaults to 1209600)authCodeLifetime Number Lfe of auth codes in seconds (defaults to 30)clientIdRegex RegExp Regex to match auth codes against before checking modelThe module requires a model object through which some aspects or storage, retrieval and custom validation are abstracted. The last parameter of all methods is a callback of which the first parameter is always used to indicate an error. A model must provide the following methods:
bearerToken String The bearer token (access token) that has been providedcallback Function callback(error, accessToken)
error Mixed Truthy to indicate an erroraccessToken Object|Boolean The access token retrieved form storage or falsey to indicate invalid access tokenaccessToken should, at least, take the form:
expires Date The date when it expiresuser_id String|Number The user_id (saved in req.user.id)clientId StringclientSecret Stringcallback Function callback(error, client)
error Mixed Truthy to indicate an errorclient Object|Boolean The client retrieved from storage or falsey to indicate an invalid client (saved in req.client)clientId StringgrantType Stringcallback Function callback(error, allowed)
error Mixed Truthy to indicate an errorallowed Boolean Indicates whether the grantType is allowed for this clientIdaccessToken StringclientId StringuserId Mixedexpires Datecallback Function callback(error)
error Mixed Truthy to indicate an errorrefreshToken StringclientId StringuserId Mixedexpires Datecallback Function callback(error)
error Mixed Truthy to indicate an errorusername Stringpassword Stringcallback Function callback(error, user)
error Mixed Truthy to indicate an erroruser Object|Boolean The user retrieved from storage or falsey to indicate an invalid user (saved in req.user)req Object The raw requestcallback Function callback(error, supported, user)
error Mixed Truthy to indicate an errorsupported Boolean Whether the grant type is supporteduser Object|Boolean The user retrieved from storage or falsey to indicate an invalid user (saved in req.user), must at least have an idYou can support extension/custom grants by implementing the extendedGrant method as outlined above.
Any requests that begin with http(s):// (as defined in the spec) will be passed to it for you to handle.
You can access the grant type via req.oauth.grantType and you should pass back supported as false if you do not support it to ensure a consistent (and compliant) response.
Copyright (c) 2013 NightWorld
Created by Thom Seddon
1.1.0
FAQs
Complete, compliant and well tested module for implementing an OAuth2 Server/Provider with express in node.js
The npm package node-oauth2-server receives a total of 1,062 weekly downloads. As such, node-oauth2-server popularity was classified as popular.
We found that node-oauth2-server demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
Socket researchers uncover how threat actors weaponize Out-of-Band Application Security Testing (OAST) techniques across the npm, PyPI, and RubyGems ecosystems to exfiltrate sensitive data.
Security News
Research
A malicious npm campaign is targeting Ethereum developers by impersonating Hardhat plugins and the Nomic Foundation, stealing sensitive data like private keys.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.