


OAuth 2.0 authorization code authentication strategy for Passport.

This module lets you authenticate requests containing a code in the request body, as defined by the OAuth 2.0 specification. These credentials are typically used to protect the token endpoint that is running as a web service.


$ npm install passport-oauth2-code


Configure Strategy

The OAuth 2.0 authorization code authentication strategy authenticates clients using a client ID and client secret. The strategy requires a verify callback, which accepts those credentials and calls done providing a client.

passport.use(new AuthorizationCodeStrategy(
  function(clientId, clientSecret, done) {
    // Look up the client by ID, then check the presented secret.
    Clients.findOne({ clientId: clientId }, function (err, client) {
      if (err) { return done(err); }
      if (!client) { return done(null, false); }
      if (client.clientSecret !== clientSecret) { return done(null, false); }
      return done(null, client);
    });
  }
));
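
The verify callback above compares the secret with an ordinary string comparison, which stops at the first differing character. The following is an added example, not code from this module or its author, of the same callback shape using a constant-time digest comparison and rejecting non-string input. `findClient`, `clientStore`, `verifyClient` and the sample client are hypothetical stand-ins for the `Clients` model.

```javascript
const crypto = require('crypto');

// Hash to a fixed-length Buffer so both sides of the comparison are 32 bytes.
function sha256(value) {
  return crypto.createHash('sha256').update(value, 'utf8').digest();
}

// Constructed sample data: a hypothetical in-memory store standing in for the
// Clients model. Only a digest of each client secret is kept.
const clientStore = new Map([
  ['demo-client', { clientId: 'demo-client', secretDigest: sha256('s3cret-demo-value') }],
]);

// Hypothetical lookup helper with the same callback shape as Clients.findOne.
function findClient(clientId, cb) {
  cb(null, clientStore.get(clientId) || null);
}

// Compared against when the client is unknown, so that path does the same work.
const DUMMY_DIGEST = sha256('no-such-client');

function verifyClient(clientId, clientSecret, done) {
  // A parsed request body can contain objects or arrays; accept strings only.
  if (typeof clientId !== 'string' || typeof clientSecret !== 'string') {
    return done(null, false);
  }
  findClient(clientId, function (err, client) {
    if (err) { return done(err); }
    const expected = client ? client.secretDigest : DUMMY_DIGEST;
    // Equal-length buffers, so timingSafeEqual cannot throw on a length mismatch.
    const match = crypto.timingSafeEqual(sha256(clientSecret), expected);
    if (!client || !match) { return done(null, false); }
    return done(null, client);
  });
}

// Registered the same way as the callback above:
//   passport.use(new AuthorizationCodeStrategy(verifyClient));
```
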

Authenticate Requests

Use passport.authenticate(), specifying the 'oauth2-code' strategy, to authenticate requests.

For example, as route middleware in an Express application, using OAuth2orize middleware to implement the token endpoint:

  passport.authenticate('oauth2-code', { session: false }),


The example included with OAuth2orize demonstrates how to implement a complete OAuth 2.0 authorization server. AuthorizationCodeStrategy is used to authenticate clients as they request access tokens from the token endpoint.


$ npm install --dev
$ make test

Initial release.



The MIT License

Copyright (c) 2016 Mark Lesswing