r-oauth2

0.2.3 • Public • Published

OAuth2 in RethinkDB and 150 lines of code. For RethinkDBDash and Express.

By Chris Cates

Intended to be used with Express. R-OAuth2 is a non-prescriptive method for storing sessions with the OAuth2 protocol. It automatically generates your OAuth2 database and tables.

Features

  • HMAC SHA3 cryptography.
  • bcrypt.
  • Non-prescriptive method.
  • Simple functions to restrict and authenticate endpoints.
  • 5 minute configuration and setup.

Installation

npm install r-oauth2 --save

Configuration and Example

The example below should walk you through how to create your own OAuth2 server.

If using bcrypt

  • When you call the generateClient() endpoint, you have to supply a clientId, clientSecret and grantType.
  • When you call the generateToken() endpoint, you have to supply the original unencrypted clientSecret.

var r = require('rethinkdbdash')();
// Create the database and tables used by the module
require('rethink-config')({
  "r": r,
  "database": "oauth",
  "tables": ["users", "token"]
});
// Dependencies
var express = require('express');
var bodyParser = require('body-parser');
var oauth2 = require('../index');
// In the real world you would do `var oauth2 = require('r-oauth2')`

// Initialize the oauth2 module
oauth2.init({
  'r': r
});
/*
Alternatively you can supply a configuration object:
var config = {
  r: RethinkDBDash initialized object,
  db: desired database,
  oauthTable: where OAuth clients are stored,
  tokenTable: where tokens are stored,
  expiry: how long until a token expires,
  bcrypt: set to true or false to enable or disable bcrypt
};
oauth2.init(config);
*/

var app = express();
// Enable JSON and URL-encoded bodies to be parsed and passed in the request
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({
  extended: true
}));

// Enable CORS - note you need to add `Authorization` to the allowed headers
app.use(function(req, res, next) {
  res.header("Access-Control-Allow-Origin", "*");
  res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, authorization");
  res.header('Access-Control-Allow-Methods', 'POST, PATCH, GET, PUT, DELETE, OPTIONS');
  next();
});
/*
Generate a Client ID and Client Secret.
All that's required in the body is `grantType`.
*/
app.post('/client', oauth2.generateClient());
/*
Generate an access token and refresh token.
All that's required is the client object supplied by `/client`.
*/
app.post('/oauth', oauth2.generateToken());
/*
Generate a new token by exchanging the old one.
All that's required is the `refreshToken` parameter.
*/
app.post('/refresh', oauth2.refreshToken());
/*
To access a restricted area you must put `Authorization: Bearer [Access Token]` in your header.
*/
app.get('/restricted', oauth2.authenticate(), function(req, res, next) {
  res.send('Restricted area accessed.');
});

app.get('/', function(req, res, next) {
  res.send('Open area.');
});

app.listen(9001);
console.log("Demo server running on port 9001");

Demo

  • The demo can be found in /demo in this GitHub repo.
  • You can run the mocha test as follows:
  1. `npm install` in the /demo directory.
  2. `sudo npm install mocha -g` in the /demo directory.
  3. `npm start` in the /demo directory.
  4. In a new tab: `npm test` in the /demo directory.

Note that you can alternatively run the server and then use the Postman collection to test the demo.

By Chris Cates

-- Thanks for checking out this npm module. Any questions, email me at 📫 chris@pilotinteractive.ca

License: MIT

Collaborators: itschriscates