oauth2-server is available via npm.
$ npm install @node-oauth/oauth2-serverNote
The @node-oauth/oauth2-server module is framework-agnostic but there are several officially supported adapters available for popular HTTP server frameworks such as Express and Koa. If you're using one of those frameworks it is strongly recommended to use the respective adapter module instead of rolling your own.
- Supports
authorization code <AuthorizationCodeGrant>,client credentials <ClientCredentialsGrant>,refresh token <RefreshTokenGrant>andpassword <PasswordGrant>grant, as well asextension grants <ExtensionGrants>, with scopes. - Can be used with promises, ES6 generators and async/await.
- Fully
6749and6750compliant. - Implicitly supports any form of storage, e.g. PostgreSQL, MySQL, MongoDB, Redis, etc.
- Complete test suite.
/api/oauth2-server
const OAuth2Server = require('@node-oauth/oauth2-server');
const oauth = new OAuth2Server({
model: require('./model')
});/api/request and /api/response
const Request = OAuth2Server.Request;
const Response = OAuth2Server.Response;
let request = new Request({/*...*/});
let response = new Response({/*...*/});OAuth2Server#authenticate() <OAuth2Server#authenticate>
oauth.authenticate(request, response)
.then((token) => {
// The request was successfully authenticated.
})
.catch((err) => {
// The request failed authentication.
});OAuth2Server#authorize() <OAuth2Server#authorize>
const AccessDeniedError = require('@node-oauth/oauth2-server/lib/errors/access-denied-error');
oauth.authorize(request, response)
.then((code) => {
// The resource owner granted the access request.
})
.catch((err) => {
if (err instanceof AccessDeniedError) {
// The resource owner denied the access request.
} else {
// Access was not granted due to some other error condition.
}
});OAuth2Server#token() <OAuth2Server#token>
oauth.token(request, response)
.then((token) => {
// The resource owner granted the access request.
})
.catch((err) => {
// The request was invalid or not authorized.
});