passport-oauth2-code
OAuth 2.0 authorization code authentication strategy for Passport.
This module lets you authenticate requests containing a code in the request body, as defined by the OAuth 2.0 specification. These credentials are typically used protect the token endpoint that is running as a web service.
Install
$ npm install passport-oauth2-code
Usage
Configure Strategy
The OAuth 2.0 authorization code authentication strategy authenticates clients
using a client ID and client secret. The strategy requires a verify
callback,
which accepts those credentials and calls done
providing a client.
passport.use(new AuthorizationCodeStrategy(
function(clientId, clientSecret, done) {
Clients.findOne({ clientId: clientId }, function (err, client) {
if (err) { return done(err); }
if (!client) { return done(null, false); }
if (client.clientSecret != clientSecret) { return done(null, false); }
return done(null, client);
});
}
));
Authenticate Requests
Use passport.authenticate()
, specifying the 'oauth2-code'
strategy, to authenticate requests.
For example, as route middleware in an Express application, using OAuth2orize middleware to implement the token endpoint:
app.get('/profile',
passport.authenticate('oauth2-code', { session: false }),
oauth2orize.token());
Examples
The example
included with OAuth2orize
demonstrates how to implement a complete OAuth 2.0 authorization server.
AuthorizationCodeStrategy
is used to authenticate clients as they request access
tokens from the token endpoint.
Tests
$ npm install --dev
$ make test
[![Build Status] Initial release.
Credits
License
Copyright (c) 2016 Mark Lesswing <mlessing@crt.realtors.org>