oauth2provider
Simple, lightweight OAuth2 provider library for Node.js.
Our Promise
- Simple: Code is easy to read, understand, test and audit.
- Lightweight: No dependencies, code is as short as possible.
- Vanilla: No framework/middleware stuff here. We're straight to the point.
- Self-service: You get to store/authenticate/revoke credentials as you like.
Getting Started
Installation:
npm install oauth2provider
Usage:
var oauth2provider = require('oauth2provider');
Generating OAuth2 client credentials (ID and secret):
var clientId = null;
var clientSecret = null;

oauth2provider;
Generating an OAuth2 authorization code:
var clientId = '1234'; // Provided by the client (e.g. via HTTPS query parameter).
var scope = 'a scope'; // An optional access scope in the format of your choice.
var state = 'a state'; // An unguessable random string. Use '' for no CSRF protection.

// TODO: First verify `clientId` exists and ask your authenticated user to authorize `scope`.
oauth2provider;
Generating an OAuth2 access token:
var clientId = '1234'; // Provided by the client (e.g. via HTTPS POST data).
var clientSecret = '1234'; // This too. Always use encrypted connections!
var code = '1234'; // This too.
var state = 'a state'; // The same string used to get the code.
var tokens = {}; // A collection of your choice, mapping token *hashes* to access scopes.

// TODO: First verify `clientId` and `clientSecret` exist and match!
oauth2provider;
Authenticating an OAuth2 access request:
var token = '1234'; // Provided by the client (e.g. via HTTPS Authorization header).
var tokenHash = oauth2provider.hash(token); // Always use hashed tokens for authentication.

if (tokenHash in tokens) {
  var scope = tokens[tokenHash]; // Successfully authenticated!
} else {
  // Invalid token, abort!
  return;
}
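The token-hash lookup described above, as an added example that is not oauth2provider's own code: a store that keeps only hashes of issued tokens and authenticates a Bearer header against them. SHA-256 and the names `hashToken` and `createTokenStore` are assumptions, not the library's API.

```javascript
// Added example: not oauth2provider's code. SHA-256 and all names are assumptions.
const crypto = require('crypto');

// Hash a token for storage/lookup (assumed algorithm: SHA-256, hex-encoded).
function hashToken(token) {
  return crypto.createHash('sha256').update(token, 'utf8').digest('hex');
}

// Token store: maps token *hashes* to scopes. A Map avoids inherited keys
// such as "constructor" that `in` would find on a plain object.
function createTokenStore() {
  const hashes = new Map();
  return {
    // Issue a random token; only its hash is kept server-side.
    issue(scope) {
      const token = crypto.randomBytes(32).toString('hex');
      hashes.set(hashToken(token), scope);
      return token;
    },
    // Return the scope for an "Authorization: Bearer <token>" header, or null.
    authenticate(authorizationHeader) {
      const match = /^Bearer ([A-Za-z0-9\-._~+\/]+=*)$/.exec(authorizationHeader || '');
      if (!match) return null;
      const hash = hashToken(match[1]);
      return hashes.has(hash) ? hashes.get(hash) : null;
    },
    // Revoke by token; returns true if a token was removed.
    revoke(token) {
      return hashes.delete(hashToken(token));
    },
    // What someone reading the store would see: hashes only, no usable tokens.
    dump() {
      return Array.from(hashes.keys());
    }
  };
}
```

Because the store holds only hashes, a leaked copy of it cannot be replayed as bearer tokens, and revocation is a single delete by hash.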
TODO
- Generate OAuth2 client ID + secret
- Generate OAuth2 authorization code
- Generate OAuth2 access token from an OAuth2 authorization code
- Document implementation details using this form
- Add tests