JSPM

  • ESM via JSPM
  • ES Module Entrypoint
  • Export Map
  • Keywords
  • License
  • Repository URL
  • TypeScript Types
  • README
  • Created
  • Published
  • Downloads 129076
  • Score
    100M100P100Q185568F
  • License MIT

Complete, framework-agnostic, compliant and well tested module for implementing an OAuth2 Server in node.js

Package Exports

  • oauth2-server
  • oauth2-server/lib/errors/access-denied-error
  • oauth2-server/lib/errors/invalid-argument-error
  • oauth2-server/lib/errors/server-error
  • oauth2-server/lib/errors/unauthorized-request-error

This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (oauth2-server) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

Readme

Complete, compliant and well tested module for implementing an OAuth2 server in node.js.

NPM Version Build Status NPM Downloads

Quick Start

The node-oauth2-server module is framework-agnostic but there are several wrappers available for popular frameworks such as express and koa 2.

Using the express wrapper (recommended):

var express = require('express');
var oauthServer = require('express-oauth-server');
var app = express();

var oauth = new oauthServer({ model: model });

app.use(oauth.authenticate());

app.get('/', function (req, res) {
  res.send('Hello World');
})

app.listen(3000);

Using this module directly (for custom servers only):

var Request = require('oauth2-server').Request;
var oauthServer = require('oauth2-server');

var oauth = new oauthServer({ model: model });

var request = new Request({
  headers: { authorization: 'Bearer foobar' }
});

oauth.authenticate(request)
  .then(function(data) {
    // Request is authorized.
  })
  .catch(function(e) {
    // Request is not authorized.
  });

Note: see the documentation for the specification of what's required from the model.

Features

  • Supports authorization_code (with scopes), client_credentials, password, refresh_token and custom extension grant types.
  • Can be used with node-style callbacks, promises and ES6 async/await.
  • Fully RFC6749 and RFC6750 compliant.
  • Implicitly supports any form of storage e.g. PostgreSQL, MySQL, Mongo, Redis, etc.
  • Full test suite.

Documentation

Examples

Most users should refer to our express or koa examples. If you're implementing a custom server, we have many examples available:

  • A simple password grant authorization example.
  • A more complex password and refresh_token example.
  • An advanced password, refresh_token and authorization_code (with scopes) example.

Upgrading from 2.x

This module has been rewritten with a promise-based approach and introduced a few changes in the model specification.

Please refer to our 3.0 migration guide for more information.

License

MIT