Complete, compliant and well-tested module for implementing an OAuth2 server in node.js.
Quick Start
The node-oauth2-server module is framework-agnostic but there are several wrappers available for popular frameworks such as express and koa.
Using the express wrapper (recommended):
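```javascript
var express = require('express');
var OAuthServer = require('express-oauth-server');

var app = express();

// `model` is your implementation of the model specification (see the note below).
var oauth = new OAuthServer({ model: model });

// Require a valid bearer token on every route registered after this line.
app.use(oauth.authenticate());

app.get('/', function (req, res) {
  res.send('Hello World');
});

app.listen(3000);
```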
Using this module directly (for custom servers only):
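```javascript
var OAuth2Server = require('oauth2-server');
var Request = OAuth2Server.Request;
var Response = OAuth2Server.Response;

// `model` is your implementation of the model specification (see the note below).
var oauth = new OAuth2Server({ model: model });

// Request requires `headers`, `method` and `query`.
var request = new Request({
  method: 'GET',
  query: {},
  headers: { authorization: 'Bearer foobar' }
});
var response = new Response();

oauth.authenticate(request, response)
  .then(function (data) {
    // Request is authorized.
  })
  .catch(function (e) {
    // Request is not authorized.
  });
```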
Note: see the documentation for the specification of what's required from the model.
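A minimal model for the `authenticate()` calls above, as an added example and not code from the project. It assumes the 3.x model functions `getAccessToken` and `verifyScope`, keeps tokens in memory, and stores only SHA-256 digests of them; `createModel`, `issueToken` and `digest` are hypothetical names.

```javascript
// Added example: in-memory model for bearer-token authentication.
var crypto = require('crypto');

// Store only a SHA-256 digest of each token, so a leaked store
// does not contain usable bearer tokens.
function digest(token) {
  return crypto.createHash('sha256').update(String(token)).digest('hex');
}

function createModel() {
  var tokens = new Map(); // digest -> token record (constructed, in-memory)

  return {
    // Hypothetical helper for this example; not part of the model specification.
    issueToken: function (client, user, scope, ttlSeconds) {
      var accessToken = crypto.randomBytes(32).toString('hex');
      tokens.set(digest(accessToken), {
        accessTokenExpiresAt: new Date(Date.now() + ttlSeconds * 1000),
        scope: scope,
        client: client,
        user: user
      });
      return accessToken;
    },

    // Model function: resolve a bearer token, or null if it is unknown.
    // The expiry date is returned so that expired tokens can be rejected.
    getAccessToken: function (accessToken) {
      var record = tokens.get(digest(accessToken));
      if (!record) return Promise.resolve(null);
      return Promise.resolve(Object.assign({ accessToken: accessToken }, record));
    },

    // Model function: every requested scope must have been granted to the token.
    verifyScope: function (token, scope) {
      if (!token.scope) return Promise.resolve(false);
      var granted = token.scope.split(' ');
      var ok = scope.split(' ').every(function (s) {
        return granted.indexOf(s) >= 0;
      });
      return Promise.resolve(ok);
    }
  };
}
```

Pass the result of `createModel()` as `model` in the snippets above; a production model would back the map with a database and implement the functions each enabled grant type needs.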
Features
- Supports authorization_code (with scopes), client_credentials, password, refresh_token and custom extension grant types.
- Can be used with node-style callbacks, promises and ES6 async/await.
- Fully RFC6749 and RFC6750 compliant.
- Implicitly supports any form of storage e.g. PostgreSQL, MySQL, Mongo, Redis, etc.
- Full test suite.
Documentation
Examples
Most users should refer to our express or koa examples. If you're implementing a custom server, we have many examples available:
- A simple password grant authorization example.
- A more complex password and refresh_token example.
- An advanced password, refresh_token and authorization_code (with scopes) example.
Upgrading from 2.x
This module has been rewritten with a promise-based approach and introduced a few changes in the model specification.
Please refer to our 3.0 migration guide for more information.