node package manager

passport-oauth2-code

passport-oauth2-code

OAuth 2.0 authorization code authentication strategy for Passport.

This module lets you authenticate requests containing a code in the request body, as defined by the OAuth 2.0 specification. These credentials are typically used protect the token endpoint that is running as a web service.

Install

$ npm install passport-oauth2-code

Usage

Configure Strategy

The OAuth 2.0 authorization code authentication strategy authenticates clients using a client ID and client secret. The strategy requires a verify callback, which accepts those credentials and calls done providing a client.

passport.use(new AuthorizationCodeStrategy(
  function(clientId, clientSecret, done) {
    Clients.findOne({ clientId: clientId }, function (err, client) {
      if (err) { return done(err); }
      if (!client) { return done(null, false); }
      if (client.clientSecret != clientSecret) { return done(null, false); }
      return done(null, client);
    });
  }
));

Authenticate Requests

Use passport.authenticate(), specifying the 'oauth2-code' strategy, to authenticate requests.

For example, as route middleware in an Express application, using OAuth2orize middleware to implement the token endpoint:

app.get('/profile', 
  passport.authenticate('oauth2-code', { session: false }),
  oauth2orize.token());

Examples

The example included with OAuth2orize demonstrates how to implement a complete OAuth 2.0 authorization server. AuthorizationCodeStrategy is used to authenticate clients as they request access tokens from the token endpoint.

Tests

$ npm install --dev
$ make test

[![Build Status] Initial release.

Credits

License

The MIT License

Copyright (c) 2016 Mark Lesswing <mlessing@crt.realtors.org>