This project is a simple OAuth2 implementation server in NodeJS, supports authorization code grant type only.
NoobAuth supports Single Sign On (SSO) as well, some features are delivered based on my knowledge about Keycloak.
- NodeJS, Express are the main webserver components;
- EJS is the view engine, we need for login/logout views.
- Nedb - the embedded database - is used for fast and simple development. If you want to use a different database, you can adapt by changing code in the
repositiory
directory.
realm
: the top entity that users, clients are belonged to; has its own configurationsuser
: resource ownerclient
: client (webapp, native app, SPA app,...)user_session
: holds user's authorization grant, for SSO purposeclient_session
: holds client's authorized request, for SSO purposeaccess_token
: jwt, generate with RS256 algorithmrefresh_token
: revoke immediately after usingauth_code
: authorization code granted to client.auth_code = request_http_session_id + user_session_id + client_session_id
server_session
: the cookie for user-agent (web browser), for SSO purpose.server_session = realm_name + request_http_session_id + authenticated_user_id
metadata
: well-known configurations and key/cert information used.
To run NoobAuth, from the root directory of this project, run:
npm install
node index.js
You have to initialize realm, client and user before doing OAuth2 features. You can setup you environment with the test/test.js
file:
node test/test.js
testCreateRealm
,testCreateClient
andtestCreateUser
are the basic functions can help.
Authorization Code, if you want to implement other flows such as: Implicit, Client Credentials, Resource Owner Password Credentials, do it by yourself.
So grant_type
supported are: authorization_code
and refresh_token
.
response_type
supports only code
(for authorize
endpoint)
- Authorize Endpoint: /oauth2/{realm}/authorize
- Token Endpoint: /oauth2/{realm}/token
- UserInfo Endpoint: /oauth2/{realm}/userinfo
- Logout Endpoint: /oauth2/{realm}/logout
- Metadata Endpoint: /oauth2/{realm}/metadata
- JWKs URI: /oauth2/{realm}/certs
with {realm}
is the realm name you setup before.
For SSO feature, cookies noob-session
and request-session
are used in the web browsers, to define the user-session logged in.
Checkout:
- Java (Spring-boot application): noobauth-java-client
- NetCore: noobauth-net-client
- PHP: noobauth-php-client
- Implement with a distributed database server, for high availability support, such as: MariaDB;
force_tls
as a client option, for secured redirections.Authorized workflow
: Display a page show access request from clients. Users have to confirm here before go to the login page.Management APIs
for realms, configurations, clients management.Idp APIs
for users, roles, scopes management.
MIT