Node application acting as an authentication and portable contacts provider (using OAuth2)
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.

Auth Server


auth_server is a node application acting as an authentication and portable contact server. It uses mongodb as DB.

It's a part of a project named turbulences for creating a distributed social network.

Based on oauth2_client_node and oauth2_server_node, it follows the draft 10 of the OAuth2 specification. As these projects evolve, auth_server will follow the OAuth2 specification evolutions.

The benefits are multiple:

  • there is only one application where Alice has to be registered (and so one set of credentials per user);
  • when developing a new application, there is no need to recreate all user registration process stuff, but only to plug the application to auth_server;

auth_server is functionnal (ie: users can sign in/out the the application and others applications using the service), but the administration interface lacks many features, including adding/editing user's contacts.

This project is alpha software, it might not be ready for production use yet.

Similar projects

auth_server is developed together with:



Make sure gettext (xgettext and msgfmt) are installed on your system, then:

make install
make update_js_templates

Run the tests

Make sure nodetk/bins is in your PATH environment variable and NODE_PATH environment variable includes node/lib directory. For more info on this, please have a look at the nodetk README file. (looks like 'npm install .' in vendor/nodetk should do the trick) Then:

nodetests src/tests

Updating templates

When updating the templates, they need to be "repackaged" for the web application. This can be done doing:

make update_js_templates

or, to skip the i18n process:

make skip

Load some testing data in DB

This command will load some testing data in the DB:

node src/scripts/load_data.js

Running the server

Tweak the config.js file to fit your needs, then:

node src/server.js


auth_server uses many other projects, including:

Projects and organizations using auth_server

A wiki page lists the projects and organizations using auth_server. Don't hesitate to edit it.



Obtaining End-User Authorization


Obtaining an Access Token



List clients

GET /clients

Create client

POST /clients

Update client

PUT /clients/:id

Delete client

DELETE /clients/:id

List users

GET /users

Update user password

POST /me/password

Portables contacts

We follow the the current specification of portables contacts.

All filtering/sorting are not available.

Example of a portable contact record:

  "displayName": "Foo Bar",
  "name": {
   "familyName": "Foo",
   "givenName": Bar"
  "id": "XXXX"

Get current user

GET /portable_contacts/@me/@self

$ curl --header "Authorization: OAuth TOKEN" /portable_contacts/@me/@self

Get all contacts from current user

GET /portable_contacts/@me/@all

$ curl --header "Authorization: OAuth TOKEN" /portable_contacts/@me/@all

Get one contact from current user

GET /portable_contacts/@me/@all/:id

$ curl --header "Authorization: OAuth TOKEN" /portable_contacts/@me/@all/:id

Create a contact

POST /portable_contacts/@me/@all

$ curl -X POST --header "Content-Type: application/json" --header "Authorization: OAuth TOKEN" /portable_contacts/@me/@all --data-binary @portable_contact.json

Update a contact

PUT /portable_contacts/@me/@all/:id

$ curl -X PUT --header "Content-Type: application/json" --header "Authorization: OAuth TOKEN" /portable_contacts/@me/@all/:id --data-binary @portable_contact.json

Delete a contact

DELETE /portable_contacts/@me/@all/:id

$ curl -X DELETE --header "Authorization: OAuth TOKEN" /portable_contacts/@me/@all/:id


  • 0.1.3

    Upgrade to mongoskin for the model layer.

  • 0.1.2

    Update doc and Makefile with latest change of npm.

    Fix index creation on mongodb.

  • 0.1.1

    Fix typo.

  • 0.1.0

    Remove authorizations.

    Add portable contacts api.

    Updated many dependencies.


(c) 2011 af83

This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU Affero General Public License along with this program. If not, see