Node.js client library for OAuth2. OAuth2 allows users to grant access to restricted resources by third party applications, giving them the possibility to enable and disable those accesses whenever they want.
Simple OAuth2 grant classes accept an object with the following params.
-
client- required object with the following properties:id- Service registered client id. When required by the spec this value will be automatically encoded. Requiredsecret- Service registered client secret. When required by the spec this value will be automatically encoded. RequiredidParamName- Parameter name used to send the client id. Defaults to client_idsecretParamName- Parameter name used to send the client secret. Defaults to client_secret
-
auth- required object with the following properties:tokenHost- Base URL used to obtain access tokens. RequiredtokenPath- URL path to obtain access tokens (See url resolution notes). Defaults to /oauth/tokenrefreshPath- URL path to refresh access tokens (See url resolution notes). Defaults toauth.tokenPathrevokePath- URL path to revoke access tokens (See url resolution notes). Defaults to /oauth/revokeauthorizeHost- Base URL used to request an authorization code. Only valid for AuthorizationCode. Defaults toauth.tokenHostvalueauthorizePath- URL path to request an authorization code (See url resolution notes). Only valid for AuthorizationCode. Defaults to /oauth/authorize
-
httpoptional object used to set default options to the internal http library (wreck). All options except baseUrl are allowedjson: JSON response parsing mode. Defaults to strictredirectsNumber or redirects to follow. Defaults to false (no redirects)headersHttp headersacceptAcceptable http response content type. Defaults to application/jsonauthorizationAlways overriden by the library to properly send the required credentials on each scenario
-
optionsadditional options to setup how the module perform requestsscopeSeparatorScope separator character. Some providers may require a different separator. Defaults to empty spacecredentialsEncodingModeSetup how credentials are encoded whenoptions.authorizationMethodis header. Use loose if your provider doesn't conform to the OAuth 2.0 specification. Defaults to strictbodyFormat- Request's body data format. Valid options areformorjson. Defaults to formauthorizationMethod- Method used to send the client.id/client.secret authorization params at the token request. Valid options areheaderorbody. If set to body, the bodyFormat option will be used to format the credentials. Defaults to header
URL paths are relatively resolved to their corresponding host property using the Node WHATWG URL resolution algorithm.
This submodule provides support for the OAuth2 Authorization Code grant type.
Creates the authorization URL from the client configuration and the authorize options. The following are supported authorize options:
redirectURIString representing the registered application URI where the user is redirected after authenticationscopeString or array of strings representing the application privilegesstateString representing an opaque value used by the client to main the state between the request and the callback
Additional options will be automatically serialized as query params in the resulting URL.
Get a new access token using the current grant type.
paramscodeAuthorization code received by the callback URLredirectURIApplication callback URL[scope]Optional string or array including a subset of the original client scopes to request
Additional options will be automatically serialized as params for the token request.
httpOptionsAll wreck options can be overriden as documented by the modulehttpoptions.
Creates a new access token by providing a token object as specified by RFC6750.
This submodule provides support for the OAuth2 Resource Owner Password Credentials grant type.
Get a new access token using the current grant type.
paramsusernameUser identifierpasswordUser password[scope]Optional string or array including a subset of the original client scopes to request
Additional options will be automatically serialized as params for the token request.
httpOptionsAll wreck options can be overriden as documented by the modulehttpoptions.
Creates a new access token by providing a token object as specified by RFC6750.
This submodule provides support for the OAuth2 Client Credentials grant type.
Get a new access token using the current grant type.
params[scope]Optional string or array including a subset of the original client scopes to request
Additional options will be automatically serialized as params for the token request.
httpOptionsAll wreck options can be overriden as documented by the modulehttpoptions.
Creates a new access token by providing a token object as specified by RFC6750.
Determines if the current access token is definitely expired or not
expirationWindowSecondsWindow of time before the actual expiration to refresh the token. Defaults to 0.
Refreshes the current access token. The following params are allowed:
params[scope]Optional string or array including a subset of the original token scopes to request
httpOptionsAll wreck options can be overriden as documented by the modulehttpoptions.
Additional options will be automatically serialized as query params for the token request.
Revokes either the access or refresh token depending on the {tokenType} value. Token type can be one of: access_token or refresh_token.
httpOptionsAll wreck options can be overriden as documented by the modulehttpoptions.
Revokes both the current access and refresh tokens
httpOptionsAll wreck options can be overriden as documented by the modulehttpoptions.
Immutable object containing the token object provided while constructing a new access token instance. This property will usually have the schema as specified by RFC6750, but the exact properties may vary between authorization servers.
Please also note, that the current implementation will always add an expires_at property regardless of the authorization server response, as we require it to to provide the refresh token functionality.