Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
A simple customizable OAuth 2.0 provider (server) for node.js.
JavaScript
branch: master

Merge pull request #41 from yosssi/master

Fixed the typo error of the README.md.
latest commit 86e8ae1202
@ammmir authored
Failed to load latest commit information.
examples
test Make OAuth endpoints customizable and add new-style constructor.
.gitignore added .gitignore for node_modules
LICENSE Update copyright year.
README.md Merge pull request #41 from yosssi/master
index.js Removing underscore dependency
makefile addresses #3 started creating unit tests for emitting events. created…
package.json Removing underscore dependency

README.md

OAuth 2 Provider for Connect & Express

This is a node.js module for implementing OAuth2 servers (providers) that support server-side (code) and client-side (token) OAuth flows.

It's very customizable, so you can (and currently, must) take care of OAuth token storage and client lists. In the future, a Mongo or Redis backed abstraction will be provided so you don't need to care about any kind of storage at all.

Using it with npm

If you're using this module via npm, please be sure the bracket the version in your app's package.json file. Major versions may have an incompatible API that's not backwards-compatible, so use a safe version range under dependencies (eg. for version 1.x):

"oauth2-provider": "1.x"

Quick Start

Install via npm:

npm install oauth2-provider

You can add it to your Connect or Express application as another middleware. Be sure to enable the bodyParser and query middleware.

The OAuth2Provider instance providers two middleware:

  • oauth(): OAuth flow entry and access token generation
  • login(): Access control for protected resources

The most important event emitted by OAuth2Provider is access_token, which lets you set up the request as if it were authenticated. For example, to support both cookie-authenticated and OAuth access to protected URLs, you could populate req.session.user so that individual URLs don't need to care about which type of authentication was used.

To support client authentication (sometimes known as xAuth) for trusted clients, handle the client_auth event to exchange a username and password for an access token. See examples/simple_express4/app.js.

Example

Within the examples sub-folder matching your preferred version of Express (for example, examples/simple_express4), run npm install and then run:

node app.js

Visit http://localhost:8081/login to gain access to http://localhost:8081/secret or use OAuth to obtain an access token as a code (default) or a token (in the URL hash):

Running tests

Install dev dependencies:

$ npm install -d

Run the tests:

$ make test
Something went wrong with that request. Please try again.