Complete, compliant and well tested module for implementing an OAuth2 server in node.js.
The node-oauth2-server module is framework-agnostic but there are several wrappers available for popular frameworks such as express and koa 2.
Using the express wrapper (recommended):
var express = require('express');
var oauthServer = require('express-oauth-server');
var app = express();
var oauth = new oauthServer({ model: model });
app.use(oauth.authenticate());
app.get('/', function (req, res) {
res.send('Hello World');
})
app.listen(3000);
Using this module directly (for custom servers only):
var Request = require('oauth2-server').Request;
var oauthServer = require('oauth2-server');
var oauth = new oauthServer({ model: model });
var request = new Request({
headers: { authorization: 'Bearer foobar' }
});
oauth.authenticate(request)
.then(function(data) {
// Request is authorized.
})
.catch(function(e) {
// Request is not authorized.
});
Note: see the documentation for the specification of what's required from the model.
- Supports
authorization_code
(with scopes),client_credentials
,password
,refresh_token
and customextension
grant types. - Can be used with node-style callbacks, promises and ES6 async/await.
- Fully RFC6749 and RFC6750 compliant.
- Implicitly supports any form of storage e.g. PostgreSQL, MySQL, Mongo, Redis, etc.
- Full test suite.
Most users should refer to our express or koa examples. If you're implementing a custom server, we have many examples available:
- A simple password grant authorization example.
- A more complex password and refresh_token example.
- An advanced password, refresh_token and authorization_code (with scopes) example.
This module has been rewritten with a promise-based approach and introduced a few changes in the model specification.
Please refer to our 3.0 migration guide for more information.