This project shows a provider which grants tokens in exchange for codes for:
- The client application
- A user of the client application

```bash
git clone https://github.com/inamvar/auth-server.git
pushd auth-server
npm install
node app.js
```

Visit http://localhost:3000/login to see the server running locally.
Interacting with this provider directly doesn't showcase its OAuth2 functionality.
- Visiting `/` takes you to a blank page... not too interesting
- `/login` will ask you for credentials.
  - If you login before an oauth request you are taken directly to permission dialog when that request happens
  - Otherwise you will be redirected here and then to the permission dialog
- `/account` will allow you to see your user details

Below is a mapping of the API in the context of a passport-strategy:
- `/dialog/authorize` is the `authorizationURL`.
- `/oauth/token` is the `tokenURL`
- `/api/userinfo` is a protected resource that requires user permission
- `/api/clientinfo` is a protected resource that requires a token generated from the client's id and secret
- Usage of `scope` is not demonstrated in this example.

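As an added example (not code from this project), the sketch below shows how a Node client could drive the `authorizationURL` and `tokenURL` mapped above, including the `state` check a client should make before exchanging a code. The client id, secret and redirect URI are hypothetical placeholders, and sending the client credentials via HTTP Basic is an assumption about how this provider authenticates clients.

```javascript
const nodeCrypto = require('crypto');
// Provider base URL and paths are from this README; the client values are
// hypothetical placeholders that must match a client registered with the provider.
const PROVIDER = 'http://localhost:3000';
const CLIENT = {
  id: 'example-client-id',                       // hypothetical
  secret: 'example-client-secret',               // hypothetical
  redirectUri: 'http://localhost:4000/callback', // hypothetical
};

// Step 1: send the browser to the authorizationURL with an unguessable state.
function buildAuthorizeUrl(client) {
  const state = nodeCrypto.randomBytes(16).toString('hex');
  const url = new URL('/dialog/authorize', PROVIDER);
  url.searchParams.set('response_type', 'code');
  url.searchParams.set('client_id', client.id);
  url.searchParams.set('redirect_uri', client.redirectUri);
  url.searchParams.set('state', state);
  return { url: url.toString(), state }; // keep state in the user's session
}

// Step 2: on the callback, accept the code only if state matches the session.
function readCallback(callbackUrl, expectedState) {
  const params = new URL(callbackUrl).searchParams;
  const got = Buffer.from(params.get('state') || '');
  const want = Buffer.from(expectedState);
  if (got.length !== want.length || !nodeCrypto.timingSafeEqual(got, want)) {
    throw new Error('state mismatch: possible CSRF, discard the code');
  }
  if (params.get('error')) throw new Error('authorization denied: ' + params.get('error'));
  const code = params.get('code');
  if (!code) throw new Error('no code in callback');
  return code;
}

// Step 3: describe the POST to the tokenURL that exchanges the code for a token.
function buildTokenRequest(client, code) {
  const basic = Buffer.from(client.id + ':' + client.secret).toString('base64');
  return {
    method: 'POST',
    url: new URL('/oauth/token', PROVIDER).toString(),
    headers: {
      authorization: 'Basic ' + basic, 'content-type': 'application/x-www-form-urlencoded',
    },
    body: new URLSearchParams({
      grant_type: 'authorization_code', code, redirect_uri: client.redirectUri,
    }).toString(),
  };
}
```

The object returned by `buildTokenRequest` can be passed to any HTTP client; the access token in the response is what `/api/userinfo` expects.
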
The standalone usable resources are:
- `GET /` nothing
- `GET /login` lets you login, presented by `/dialog/authorize` if you haven't logged in
- `POST /login` processes the login
- `GET /logout` lets you logout
- `GET /account` lets you view your user info

And then some internal resources that are of no concern for standalone users or consumers:
- `POST /dialog/authorize/decision`, processes the allow / deny