node package manager

oauth2-server

Complete, compliant and well tested module for implementing an OAuth2 Server/Provider with express in node.js

Complete, compliant and well tested module for implementing an OAuth2 server in node.js.

Quick Start

The node-oauth2-server module is framework-agnostic but there are several wrappers available for popular frameworks such as express and koa 2.

Using the express wrapper (recommended):

var express = require('express');
var oauthServer = require('express-oauth-server');
var app = express();
 
var oauth = new oauthServer({ model: model });
 
app.use(oauth.authenticate());
 
app.get('/', function (req, res) {
  res.send('Hello World');
})
 
app.listen(3000);

Using this module directly (for custom servers only):

var Request = require('oauth2-server').Request;
var oauthServer = require('oauth2-server');
 
var oauth = new oauthServer({ model: model });
 
var request = new Request({
  headers: { authorization: 'Bearer foobar' }
});
 
oauth.authenticate(request)
  .then(function(data) {
    // Request is authorized. 
  })
  .catch(function(e) {
    // Request is not authorized. 
  });

Note: see the documentation for the specification of what's required from the model.

Features

  • Supports authorization_code (with scopes), client_credentials, password, refresh_token and custom extension grant types.
  • Can be used with node-style callbacks, promises and ES6 async/await.
  • Fully RFC6749 and RFC6750 compliant.
  • Implicitly supports any form of storage e.g. PostgreSQL, MySQL, Mongo, Redis, etc.
  • Full test suite.

Documentation

Examples

Most users should refer to our express or koa examples. If you're implementing a custom server, we have many examples available:

  • A simple password grant authorization example.
  • A more complex password and refresh_token example.
  • An advanced password, refresh_token and authorization_code (with scopes) example.

Upgrading from 2.x

This module has been rewritten with a promise-based approach and introduced a few changes in the model specification.

Please refer to our 3.0 migration guide for more information.

MIT