npm
Sign UpSign In

loopback-component-oauth2-server

1.0.1 • Public • Published

loopback-component-oauth2-server

This fork was tested on Loopback version 3.x.

The LoopBack oAuth 2.0 component provides full integration between OAuth 2.0 and LoopBack. It enables LoopBack applications to function as an oAuth 2.0 provider to authenticate and authorize client applications and/or resource owners (i.e. users) to access protected API endpoints. This fork allows you implement your own login logic.

The oAuth 2.0 protocol implementation is based on oauth2orize and passport.

See LoopBack Documentation - OAuth 2.0 Component for more information.

Install

Install the component as usual:

$ npm i loopback-component-oauth2-server -S

Config example

server/boot/oauth.js

module.exports = function(app) {
    var router = app.loopback.Router();
    var passport = require('passport');
    var CustomStrategy = require('passport-custom');
    var oauth2 = require('loopback-component-oauth2-server')
 
    var options = {
        // custom user model
        userModel: 'user',
        applicationModel: 'OAuthClientApplication',
        // -------------------------------------
        // Resource Server properties
        // -------------------------------------
        resourceServer: true,
 
        // used by modelBuilder, loopback-component-oauth2-server/models/index.js
        // Data source for oAuth2 metadata persistence
        dataSource: app.dataSources.db,
 
        // -------------------------------------
        // Authorization Server properties
        // -------------------------------------
        authorizationServer: true,
 
        // path to mount the authorization endpoint
        authorizePath: '/oauth/authorize',
 
        // path to mount the token endpoint
        tokenPath: '/oauth/token',
 
        // backend api does not host the login page
        loginPage: '/oauth/login',
        loginPath: '/oauth/login',
        loginFailPage: '/oauth/login?fail',
 
        // grant types that should be enabled
        supportedGrantTypes: [
            'implicit',
            'jwt',
            'clientCredentials',
            'authorizationCode',
            'refreshToken',
            'resourceOwnerPasswordCredentials'
        ]
    }
    oauth2.oAuth2Provider(
        app,
        options
    )
 
    router.get('/', function(req, res) {
        res.render('index');
    });
 
    router.get('/oauth/login', function(req, res) {
        res.render('login', {
            loginFailed: req.query && req.query.fail == '' ? true : false
        });
    });
 
    passport.use('loopback-oauth2-local', new CustomStrategy(
        function(req, callback) {
            // Do your custom user finding logic here, or set to false based on req object
            // verify user name, password 
 
            // findOrCreate local user 
 
            // return user
            callback(null, user);
        }
    ));
 
    // Set up the login handler
    router.post(options.loginPath || '/login',
        passport.authenticate('loopback-oauth2-local', {
            successReturnToOrRedirect: '/',
            passReqToCallback: true,
            failureRedirect: options.loginFailPage || '/login',
            failureFlash: true
        }));    
 
    app.use(router);
};

model-config.json

    "user": {
        "dataSource": "db",
        "public": true,
        "options": {
            "remoting": {
                "sharedMethods": {
                    "*": false,
                    "logout": true
                }
            }
        }
    },
    "OAuthAccessToken": {
        "dataSource": "db",
        "public": false,
        "relations": {
            "application": {
                "type": "belongsTo",
                "model": "OAuthClientApplication",
                "foreignKey": "appId"
            },
            "user": {
                "type": "belongsTo",
                "model": "user",
                "foreignKey": "userId"
            }
        },
        "options": {
            "remoting": {
                "sharedMethods": {
                    "*": false
                }
            }
        }
    },
    "OAuthAuthorizationCode": {
        "dataSource": "db",
        "public": false,
        "options": {
            "remoting": {
                "sharedMethods": {
                    "*": false
                }
            }
        }
    },
    "OAuthClientApplication": {
        "dataSource": "db",
        "public": false,
        "options": {
            "remoting": {
                "sharedMethods": {
                    "*": false
                }
            }
        }
    },
    "OAuthPermission": {
        "dataSource": "db",
        "public": false,
        "options": {
            "remoting": {
                "sharedMethods": {
                    "*": false
                }
            }
        }
    },
    "OAuthScopeMapping": {
        "dataSource": "db",
        "public": false,
        "options": {
            "remoting": {
                "sharedMethods": {
                    "*": false
                }
            }
        }
    },
    "OAuthScope": {
        "dataSource": "db",
        "public": false,
        "options": {
            "remoting": {
                "sharedMethods": {
                    "*": false
                }
            }
        }
    },

common/models/user.json

    "relations": {
        "accessTokens": {
            "type": "hasMany",
            "model": "OAuthAccessToken",
            "foreignKey": "userId",
            "options": {
                "disableInclude": true
            }
        }
    },

The app instance will be used to set up middleware and routes. The data source provides persistence for the oAuth 2.0 metadata models.

For more information, see OAuth 2.0 LoopBack component official documentation.

Readme

Keywords

Package Sidebar

Install

npm i loopback-component-oauth2-server

Repository

github.com/yahoohung/loopback-component-oauth2-server

Homepage

github.com/yahoohung/loopback-component-oauth2-server#readme

Weekly Downloads

2

Version

1.0.1

License

MIT

Last publish

Collaborators

  • yahoohung
Try on RunKit
Report malware