Complete, compliant and well tested module for implementing an OAuth2 Server/Provider with express in node.js
Clone or download
Latest commit 844d602 Aug 10, 2017
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
examples Update postgres example Jul 28, 2017
test Fixed integration tests, removed debug statements Aug 9, 2017
.gitignore Initial commit Nov 17, 2015
.jshintignore Initial commit Nov 17, 2015
.jshintrc Initial commit Nov 17, 2015
.travis.yml Updated travis to add 8.0 checks Aug 9, 2017
CHANGELOG.md Updated changelog Aug 9, 2017
LICENSE Initial commit Nov 17, 2015
Readme.md Update Readme.md Aug 9, 2017
index.js Fixed integration tests, removed debug statements Aug 9, 2017
package.json Bumped to 2.0.0 Aug 9, 2017

Readme.md

Express OAuth Server Build Status

Complete, compliant and well tested module for implementing an OAuth2 Server/Provider with express in node.js.

This is the express wrapper for oauth2-server.

Installation

$ npm install express-oauth-server

Quick Start

The module provides two middlewares - one for granting tokens and another to authorize them. express-oauth-server and, consequently oauth2-server, expect the request body to be parsed already. The following example uses body-parser but you may opt for an alternative library.

var bodyParser = require('body-parser');
var express = require('express');
var OAuthServer = require('express-oauth-server');

var app = express();

app.oauth = new OAuthServer({
  model: {}, // See https://github.com/oauthjs/node-oauth2-server for specification
});

app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: false }));
app.use(app.oauth.authorize());

app.use(function(req, res) {
  res.send('Secret area');
});

app.listen(3000);

Options

var options = { 
  useErrorHandler: false, 
  continueMiddleware: false,
}
  • useErrorHandler (type: boolean default: false)

    If false, an error response will be rendered by this component. Set this value to true to allow your own express error handler to handle the error.

  • continueMiddleware (type: boolean default: false)

    The authorize() and token() middlewares will both render their result to the response and end the pipeline. next() will only be called if this is set to true.

    Note: You cannot modify the response since the headers have already been sent.

    authenticate() does not modify the response and will always call next()