A node library providing the basis for implementing an OAuth2 client (as connect middleware)
tag: v0.0.1


OAuth2 Client in Node


oauth2_client_node is a node library providing the basis for implementing an OAuth2 client. It features a connect middleware to ease integration with other components.

It implements the OAuth2 web server schema as specified by draft 10 of the OAuth2 specification.

This project will follow the evolution of the specification, so a branch for draft 11 will soon be created.

Similar projects

oauth2_client_node is developed together with:

  • oauth2_server_node, a connect middleware providing the basis for an OAuth2 server.
  • auth_server, an authentication and authorization server in node (using both oauth2_client_node and oauth2_server_node).


There are two examples of usage in the examples directory, one using Facebook as OAuth2 server, and one using auth_server as OAuth2 server.

To create an OAuth2 client, you need to create an oauth2_client_node middleware using oauth2_client.connector. This method returns a connect middleware and takes as arguments:

  • config: hash containing:

    • base_url: The base URL of the OAuth2 client. Ex:
    • process_login_url: the URL to which the OAuth2 server must redirect the user once authenticated.
    • login_url: the URL where the user must go to be redirected to the OAuth2 server for authentication.
    • logout_url: the URL where the user must go so that their session is cleared and they are logged out of the client.
    • server_token_endpoint: full URL of the OAuth2 server token endpoint.
    • default_redirection_url: default URL to redirect to after login / logout. Optional, defaults to '/'.
  • options: optional, hash containing:

    • valid_grant: a function which will replace the default one to check that the grant is valid. You might want to use this shortcut if you have a faster way of checking than sending an HTTP request to the OAuth2 server.
    • treat_access_token: a function which will replace the default one to do something with the access token. You will typically use that function to set some info in the session.
    • transform_token_response: a function which will replace the default one to obtain a hash containing the access_token from the OAuth2 server reply. This method should be provided if the OAuth2 server we are requesting does not return JSON encoded data but something else.
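
A sketch of what a transform_token_response replacement could look like for a server that replies in form encoding instead of JSON. This is an added example, not code from oauth2_client_node: the signature (raw reply body in, hash out) and the names transformTokenResponse, parseFormEncoded and TOKEN_FIELDS are assumptions, since the README does not document them.

```javascript
// Added example, not oauth2_client_node code. Assumed signature: the raw
// reply body (string) goes in, a hash containing access_token comes out.
const TOKEN_FIELDS = ['access_token', 'expires_in', 'refresh_token', 'scope'];

function parseFormEncoded(body) {
  const params = new URLSearchParams(body);
  const fields = {};
  for (const key of new Set(params.keys())) {
    const values = params.getAll(key);
    // A repeated parameter is ambiguous: refuse rather than pick one.
    if (values.length > 1) {
      throw new Error('duplicate parameter in token response: ' + key);
    }
    fields[key] = values[0];
  }
  return fields;
}

function transformTokenResponse(body) {
  if (typeof body !== 'string' || body.trim() === '') {
    throw new Error('empty token response');
  }
  const text = body.trim();
  // Accept JSON too, so the same function works against either kind of server.
  const fields = text.startsWith('{') ? JSON.parse(text) : parseFormEncoded(text);

  if (fields.error !== undefined) {
    throw new Error('token endpoint returned an error: ' + String(fields.error));
  }
  if (typeof fields.access_token !== 'string' || fields.access_token === '') {
    throw new Error('token response has no access_token');
  }
  // Copy only the known fields so nothing unexpected reaches the session.
  const result = {};
  for (const name of TOKEN_FIELDS) {
    if (fields[name] !== undefined) result[name] = String(fields[name]);
  }
  return result;
}

// Constructed sample reply from a server that answers in form encoding.
const SAMPLE_REPLY = 'access_token=SAMPLE-TOKEN-123&expires_in=3600&debug=1';
console.log(transformTokenResponse(SAMPLE_REPLY));
```

Throwing on an error reply, a missing token or a duplicated parameter keeps a malformed response from being stored in the session as if it were a valid grant.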

Once configured and plugged in, the oauth2_client middleware will catch and answer requests aimed at the OAuth2 client (login, logout and process_login endpoints).


oauth2_client_node uses nodetk, packaged via git submodules.

Projects using oauth2_client_node

A wiki page lists the projects using oauth2_client_node. Don't hesitate to edit it.


This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU Affero General Public License along with this program. If not, see
