/node-oauth2-server

Complete, compliant and well tested module for implementing an OAuth2 Server/Provider with express in node.js

Primary LanguageJavaScriptMIT LicenseMIT

Complete, compliant and well tested module for implementing an OAuth2 server in node.js.

NPM Version Build Status NPM Downloads

Quick Start

The node-oauth2-server module is framework-agnostic but there are several wrappers available for popular frameworks such as express and koa.

Using the express wrapper (recommended):

var express = require('express');
var oauthServer = require('express-oauth-server');
var app = express();

var oauth = new oauthServer({ model: model });

app.use(oauth.authenticate());

app.get('/', function (req, res) {
  res.send('Hello World');
})

app.listen(3000);

Using this module directly (for custom servers only):

var Request = require('oauth2-server').Request;
var oauthServer = require('oauth2-server');

var oauth = new oauthServer({ model: model });

var request = new Request({
  headers: { authorization: 'Bearer foobar' }
});

oauth.authenticate(request)
  .then(function(data) {
    // Request is authorized.
  })
  .catch(function(e) {
    // Request is not authorized.
  });

Note: see the documentation for the specification of what's required from the model.

Features

  • Supports authorization_code (with scopes), client_credentials, password, refresh_token and custom extension grant types.
  • Can be used with node-style callbacks, promises and ES6 async/await.
  • Fully RFC6749 and RFC6750 compliant.
  • Implicitly supports any form of storage e.g. PostgreSQL, MySQL, Mongo, Redis, etc.
  • Full test suite.

Documentation

Examples

Most users should refer to our express or koa examples. If you're implementing a custom server, we have many examples available:

  • A simple password grant authorization example.
  • A more complex password and refresh_token example.
  • An advanced password, refresh_token and authorization_code (with scopes) example.

Upgrading from 2.x

This module has been rewritten with a promise-based approach and introduced a few changes in the model specification.

Please refer to our 3.0 migration guide for more information.

License

MIT