Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
oauth2-server
Advanced tools
Complete, framework-agnostic, compliant and well tested module for implementing an OAuth2 Server in node.js
The oauth2-server npm package is a complete, compliant, and well-tested module for implementing an OAuth2 server in Node.js. It provides a framework for handling OAuth2 authorization and token requests, making it easier to secure APIs and manage user authentication.
Authorization Code Grant
This feature allows you to implement the Authorization Code Grant flow, which is one of the most common OAuth2 flows. The code sample demonstrates how to set up an endpoint to handle authorization requests.
const OAuth2Server = require('oauth2-server');
const Request = OAuth2Server.Request;
const Response = OAuth2Server.Response;
const oauth = new OAuth2Server({
model: require('./model')
});
app.post('/authorize', (req, res) => {
const request = new Request(req);
const response = new Response(res);
oauth.authorize(request, response)
.then((authorizationCode) => {
res.json(authorizationCode);
}).catch((err) => {
res.status(err.code || 500).json(err);
});
});
Token Grant
This feature allows you to implement the Token Grant flow, which is used to exchange an authorization code for an access token. The code sample demonstrates how to set up an endpoint to handle token requests.
app.post('/token', (req, res) => {
const request = new Request(req);
const response = new Response(res);
oauth.token(request, response)
.then((token) => {
res.json(token);
}).catch((err) => {
res.status(err.code || 500).json(err);
});
});
Resource Server
This feature allows you to protect your API endpoints by requiring a valid access token. The code sample demonstrates how to set up an endpoint that requires authentication.
app.get('/secure', (req, res) => {
const request = new Request(req);
const response = new Response(res);
oauth.authenticate(request, response)
.then((token) => {
res.json({ message: 'Secure data' });
}).catch((err) => {
res.status(err.code || 500).json(err);
});
});
passport-oauth2 is a strategy for Passport, the popular authentication middleware for Node.js. It allows you to authenticate using OAuth2 in your applications. Compared to oauth2-server, passport-oauth2 is more focused on client-side authentication and integrating with third-party OAuth2 providers, whereas oauth2-server is designed for building your own OAuth2 server.
simple-oauth2 is a lightweight library for integrating OAuth2 in Node.js applications. It provides a simple API for obtaining access tokens and refreshing them. While simple-oauth2 is great for client-side OAuth2 flows, it does not provide the full server-side capabilities that oauth2-server offers.
node-oauth2-server is another implementation of an OAuth2 server for Node.js. It is similar to oauth2-server in terms of functionality and API design. Both packages are designed to help you build a compliant OAuth2 server, but node-oauth2-server may have different design choices and community support.
Complete, compliant and well tested module for implementing an OAuth2 server in Node.js.
Note: After a period of hiatus, this project is now back under active maintenance. Dependencies have been updated and bug fixes will land in v3 (current master). v4 will be mostly backwards compatible with no code changes required for users using a supported node release. More details in #621.
npm install oauth2-server
The oauth2-server module is framework-agnostic but there are several officially supported wrappers available for popular HTTP server frameworks such as Express and Koa. If you're using one of those frameworks it is strongly recommended to use the respective wrapper module instead of rolling your own.
authorization_code
, client_credentials
, refresh_token
and password
grant, as well as extension grants, with scopes.Documentation is hosted on Read the Docs.
Most users should refer to our Express or Koa examples.
More examples can be found here: https://github.com/14gasher/oauth-example
This module has been rewritten using a promise-based approach, introducing changes to the API and model specification. v2.x is no longer supported.
Please refer to our 3.0 migration guide for more information.
To run the test suite, install dependencies, then run npm test
:
npm install
npm test
FAQs
Complete, framework-agnostic, compliant and well tested module for implementing an OAuth2 Server in node.js
The npm package oauth2-server receives a total of 399,526 weekly downloads. As such, oauth2-server popularity was classified as popular.
We found that oauth2-server demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.