loopback-component-oauth2-server
This fork was tested on Loopback version 3.x.
The LoopBack oAuth 2.0 component provides full integration between OAuth 2.0 and LoopBack. It enables LoopBack applications to function as an oAuth 2.0 provider to authenticate and authorize client applications and/or resource owners (i.e. users) to access protected API endpoints. This fork allows you implement your own login logic.
The oAuth 2.0 protocol implementation is based on oauth2orize and passport.
See LoopBack Documentation - OAuth 2.0 Component for more information.
Install
Install the component as usual:
$ npm i loopback-component-oauth2-server -S
Config example
server/boot/oauth.js
module { var router = apploopback; var passport = ; var CustomStrategy = ; var oauth2 = var options = // custom user model userModel: 'user' applicationModel: 'OAuthClientApplication' // ------------------------------------- // Resource Server properties // ------------------------------------- resourceServer: true // used by modelBuilder, loopback-component-oauth2-server/models/index.js // Data source for oAuth2 metadata persistence dataSource: appdataSourcesdb // ------------------------------------- // Authorization Server properties // ------------------------------------- authorizationServer: true // path to mount the authorization endpoint authorizePath: '/oauth/authorize' // path to mount the token endpoint tokenPath: '/oauth/token' // backend api does not host the login page loginPage: '/oauth/login' loginPath: '/oauth/login' loginFailPage: '/oauth/login?fail' // grant types that should be enabled supportedGrantTypes: 'implicit' 'jwt' 'clientCredentials' 'authorizationCode' 'refreshToken' 'resourceOwnerPasswordCredentials' oauth2 router; router; passport; // Set up the login handler router; app;};
model-config.json
"user": { "dataSource": "db", "public": true, "options": { "remoting": { "sharedMethods": { "*": false, "logout": true } } } }, "OAuthAccessToken": { "dataSource": "db", "public": false, "relations": { "application": { "type": "belongsTo", "model": "OAuthClientApplication", "foreignKey": "appId" }, "user": { "type": "belongsTo", "model": "user", "foreignKey": "userId" } }, "options": { "remoting": { "sharedMethods": { "*": false } } } }, "OAuthAuthorizationCode": { "dataSource": "db", "public": false, "options": { "remoting": { "sharedMethods": { "*": false } } } }, "OAuthClientApplication": { "dataSource": "db", "public": false, "options": { "remoting": { "sharedMethods": { "*": false } } } }, "OAuthPermission": { "dataSource": "db", "public": false, "options": { "remoting": { "sharedMethods": { "*": false } } } }, "OAuthScopeMapping": { "dataSource": "db", "public": false, "options": { "remoting": { "sharedMethods": { "*": false } } } }, "OAuthScope": { "dataSource": "db", "public": false, "options": { "remoting": { "sharedMethods": { "*": false } } } },
common/models/user.json
"relations": { "accessTokens": { "type": "hasMany", "model": "OAuthAccessToken", "foreignKey": "userId", "options": { "disableInclude": true } } },
The app instance will be used to set up middleware and routes. The data source provides persistence for the oAuth 2.0 metadata models.
For more information, see OAuth 2.0 LoopBack component official documentation.