Skip to content
OAuth 2 Server package
CoffeeScript JavaScript
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.
.npm/package Bump version to 2.1.0 Jul 11, 2019
.gitignore Initial commit Dec 31, 2015
.versions Bump version to 2.1.0 Jul 11, 2019 Bump version to 2.1.0 Jul 11, 2019
LICENSE Initial commit Dec 31, 2015 bump version to 2.0.0 Dec 16, 2016 Allow refresh_token grantType Dec 15, 2016 Shorter code Jul 5, 2019
package.js Bump version to 2.1.0 Jul 11, 2019


This package is a implementation of the package node-oauth2-server for Meteor.

It implements the authorization_code and works like the Facebook's OAuth popup.


meteor add rocketchat:oauth2-server


Server implementation

  • Initialize the lib
  • Add routes to the default router
  • Implement an authenticated route


var oauth2server = new OAuth2Server({
  // You can change the collection names, the values
  // below are the default values.
  accessTokensCollectionName: 'oauth_access_tokens',
  refreshTokensCollectionName: 'oauth_refresh_tokens',
  clientsCollectionName: 'oauth_clients',
  authCodesCollectionName: 'oauth_auth_codes',
  // You can pass the collection object too
  // accessTokensCollection: new Meteor.Collection('custom_oauth_access_tokens'),
  // refreshTokensCollection: new Meteor.Collection('custom_oauth_refresh_tokens'),
  // clientsCollection: new Meteor.Collection('custom_oauth_clients'),
  // authCodesCollection: new Meteor.Collection('custom_oauth_auth_codes'),
  // You can enable some logs too
  debug: true

// Add the express routes of OAuth before the Meteor routes

// Add a route to return account information
oauth2server.routes.get('/account', oauth2server.oauth.authorise(), function(req, res, next) {
  var user = Meteor.users.findOne(;

    id: user._id,

Client/Pupup implementation


// Define the route to render the popup view
FlowRouter.route('/oauth/authorize', {
  action: function(params, queryParams) {
    BlazeLayout.render('authorize', queryParams);

// Subscribe the list of already authorized clients
// to auto accept
Template.authorize.onCreated(function() {

// Get the login token to pass to oauth
// This is the best way to identify the logged user
  getToken: function() {
    return localStorage.getItem('Meteor.loginToken');

// Auto click the submit/accept button if user already
// accepted this client
Template.authorize.onRendered(function() {
  var data =;
  this.autorun(function(c) {
    var user = Meteor.user();
    if (user && user.oauth && user.oauth.authorizedClients && user.oauth.authorizedClients.indexOf(data.client_id()) > -1) {


<template name="authorize">
  {{#if currentUser}}
    <form method="post" action="" role="form" class="{{#unless Template.subscriptionsReady}}hidden{{/unless}}">
      <input type="hidden" name="allow" value="yes">
      <input type="hidden" name="token" value="{{getToken}}">
      <input type="hidden" name="client_id" value="{{client_id}}">
      <input type="hidden" name="redirect_uri" value="{{redirect_uri}}">
      <input type="hidden" name="response_type" value="code">
      <button type="submit">Authorise</button>
    {{#unless Template.subscriptionsReady}}
    {{> loginButtons}}


.hidden {
  display: none;
You can’t perform that action at this time.