Skip to content
OAuth 2.0 identity provider for Webmaker
JavaScript CSS Other
Branch: master
Clone or download

Latest commit

Fetching latest commit…
Cannot retrieve the latest commit at this time.


Type Name Latest commit message Commit time
Failed to load latest commit information.

OAuth 2.0 identity provider for Webmaker

Build Status Code Climate David-DM is an application with a hapi backend and react frontend that serves as the OAuth 2.0 identity provider for Webmaker, as well as several other Mozilla Foundation applications.


Up and Running

  1. Fork and clone this repository
  2. Navigate to the directory of the repository, e.g. cd
  3. npm install to install dependencies
  4. npm start
  5. Navigate your browser to http://localhost:1234


To run all tests run the following command

npm test

Front end tests

Front end tests can be run via mocha-phantom with npm run test:browser. You can also see the tests run in a browser if you run the app and visit /assets/tests.

How to add a new component test

Simply add it to the folder containing your component. The browser test command automatically requires all files matching *.test.jsx in the templates/ folder.


This project requires several environment variables be configured before it is able to run. It uses a library called habitat to load configuration from a .env file, as well as process and cli configuration.

A sample.env file is included with this repository. Create a copy of sample.env named .env to use the default configuration. See the "Up and Running" section above for more instructions on how to do this.

You can customize these variables by editing the .env file in the root directory of the repository.

You can configure the following environment variables:

Variable About
HOST host for this server. defaults to
PORT port of this server, defaults to 0 (a random port above 1024)
LOGINAPI fully qualified URL e.g.
OAUTH_DB JSON array of oauth clients e.g. [{"client_id":"test", "client_secret":"test", "redirect_uri":"http://localhost:3000/account"}]
AUTH_CODES JSON Object containing oauth auth codes for testing purposes e.g. {"authcode": {"client_id": "test", "user_id": "test", "scopes":"user", "expiresAt": 1428342423255 }}
ACCESS_TOKENS JSON array of testing access tokens e.g. {access_token: 'testAccessToken', client_id: 'test', user_id: 'test', scopes: 'user', expires_at: 1428342423255 }
COOKIE_SECRET A String value used to encrypt session cookies
SECURE_COOKIES set to true to indicate that the user agent should transmit the cookie only over a secure channel
URI The URI where the server is reachable at, used for reset email links
GA_TRACKING_ID The tracking ID is a string like UA-000000-01 more
GA_DEBUG if set to 'on' will enable debug logging to the console in react-ga
OPTIMIZELY_ID Optimizely Project ID (not a secret) e.g. '206878104'
OPTIMIZELY_ACTIVE If set to 'yes' (String) the project will include Optimizely snippet in the page load
REDIS_URL URL of a redis server to use for caching. If unset, an in-memory cache will be used instead.

Using OAuth2

For information on creating an OAuth2 application that relies on this server, see docs/

You can’t perform that action at this time.