jaredhanson / Oauth2orize

Licence: MIT
OAuth 2.0 authorization server toolkit for Node.js.


OAuth2orize

OAuth2orize is an authorization server toolkit for Node.js. It provides a suite of middleware that, combined with Passport authentication strategies and application-specific route handlers, can be used to assemble a server that implements the OAuth 2.0 protocol.


Install

$ npm install oauth2orize

Usage

OAuth 2.0 defines an authorization framework, allowing an extensible set of authorization grants to be exchanged for access tokens. Implementations are free to choose what grant types to support, by using bundled middleware to support common types or plugins to support extension types.

Create an OAuth Server

Call createServer() to create a new OAuth 2.0 server. This instance exposes middleware that will be mounted in routes, as well as configuration options.

var server = oauth2orize.createServer();

Register Grants

A client must obtain permission from a user before it is issued an access token. This permission is known as a grant, the most common type of which is an authorization code.

server.grant(oauth2orize.grant.code(function(client, redirectURI, user, ares, done) {
  var code = utils.uid(16);

  var ac = new AuthorizationCode(code, client.id, redirectURI, user.id, ares.scope);
  ac.save(function(err) {
    if (err) { return done(err); }
    return done(null, code);
  });
}));

OAuth2orize also bundles support for implicit token grants.

Register Exchanges

After a client has obtained an authorization grant from the user, that grant can be exchanged for an access token.

server.exchange(oauth2orize.exchange.code(function(client, code, redirectURI, done) {
  // Look up the stored record for the presented code.
  AuthorizationCode.findOne(code, function(err, ac) {
    if (err) { return done(err); }
    // Unknown code: refuse the exchange rather than dereference a missing record.
    if (!ac) { return done(null, false); }
    // The code must have been issued to this client, for this redirect URI.
    if (client.id !== ac.clientId) { return done(null, false); }
    if (redirectURI !== ac.redirectUri) { return done(null, false); }

    var token = utils.uid(256);
    var at = new AccessToken(token, ac.userId, ac.clientId, ac.scope);
    at.save(function(err) {
      if (err) { return done(err); }
      return done(null, token);
    });
  });
}));

OAuth2orize also bundles support for password and client credential grants. Additionally, bundled refresh token support allows expired access tokens to be renewed.
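
The exchange callback above binds the code to the client and the redirect URI. RFC 6749 additionally requires authorization codes to be short-lived and used only once; the following added example (not code from the README or from oauth2orize) enforces all four checks. The in-memory store, the `issueCode`/`redeemCode` helpers and the 60-second lifetime are assumptions made for illustration.

```javascript
const nodeCrypto = require('crypto');

// Assumed code lifetime; RFC 6749 recommends at most 10 minutes.
const CODE_TTL_MS = 60 * 1000;
// Constructed in-memory store standing in for the AuthorizationCode model.
const codes = new Map();

// Issue a code bound to client, redirect URI, user and scope.
function issueCode(clientId, redirectUri, userId, scope, now = Date.now()) {
  const code = nodeCrypto.randomBytes(16).toString('hex');
  codes.set(code, { clientId, redirectUri, userId, scope,
                    expiresAt: now + CODE_TTL_MS });
  return code;
}

// Redeem a code at most once. Returns an access token string, or false,
// which is the value an exchange callback passes to done() to refuse.
function redeemCode(clientId, code, redirectUri, now = Date.now()) {
  const rec = codes.get(code);
  if (!rec) { return false; }               // unknown or already redeemed
  // Design choice: burn the code on the first attempt, valid or not,
  // so a failed or replayed attempt cannot be retried.
  codes.delete(code);
  if (now > rec.expiresAt) { return false; }               // expired
  if (rec.clientId !== clientId) { return false; }         // other client
  if (rec.redirectUri !== redirectUri) { return false; }   // URI mismatch
  return nodeCrypto.randomBytes(32).toString('hex');
}

// Wiring into the exchange shown above (hypothetical, not executed here):
//   server.exchange(oauth2orize.exchange.code(
//     function(client, code, redirectURI, done) {
//       return done(null, redeemCode(client.id, code, redirectURI));
//     }));
```

A production store would perform the lookup and delete as one atomic operation so that two concurrent requests cannot both redeem the same code.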

Implement Authorization Endpoint

When a client requests authorization, it will redirect the user to an authorization endpoint. The server must authenticate the user and obtain their permission.

app.get('/dialog/authorize',
  login.ensureLoggedIn(),
  server.authorize(function(clientID, redirectURI, done) {
    Clients.findOne(clientID, function(err, client) {
      if (err) { return done(err); }
      if (!client) { return done(null, false); }
      // Exact, strict comparison against the client's registered redirect URI.
      if (client.redirectUri !== redirectURI) { return done(null, false); }
      return done(null, client, client.redirectUri);
    });
  }),
  function(req, res) {
    res.render('dialog', { transactionID: req.oauth2.transactionID,
                           user: req.user, client: req.oauth2.client });
  });

In this example, connect-ensure-login middleware is being used to make sure a user is authenticated before authorization proceeds. At that point, the application renders a dialog asking the user to grant access. The resulting form submission is processed using decision middleware.

app.post('/dialog/authorize/decision',
   login.ensureLoggedIn(),
   server.decision());

Based on the grant type requested by the client, the appropriate grant module registered above will be invoked to issue an authorization code.
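
The validation callback passed to `server.authorize()` above decides which redirect URI the user is sent back to. As an added example (not code from the README or from oauth2orize), the function below carries that check through its edge cases: exact string matching only, an omitted `redirect_uri`, a non-string value, and an unknown client. It generalizes the page's single `redirectUri` to a list of registered URIs; the `registeredClients` table and `resolveRedirectUri` are hypothetical names.

```javascript
// Constructed client registry standing in for the Clients model.
const registeredClients = {
  'client-a': { id: 'client-a', redirectUris: ['https://app.example/cb'] },
  'client-b': { id: 'client-b', redirectUris: ['https://b.example/cb',
                                               'https://b.example/alt'] },
};

// Returns the redirect URI to use for this request, or false to refuse it.
function resolveRedirectUri(clientId, requested) {
  // Own-property lookup so keys such as "__proto__" never resolve.
  const known = Object.prototype.hasOwnProperty.call(registeredClients, clientId);
  if (!known) { return false; }
  const uris = registeredClients[clientId].redirectUris;

  // redirect_uri omitted: only unambiguous when exactly one is registered.
  if (requested === undefined || requested === null || requested === '') {
    return uris.length === 1 ? uris[0] : false;
  }
  // A query parser can yield an array or object; loose comparison (!=)
  // would coerce ['x'] to 'x', so reject anything that is not a string.
  if (typeof requested !== 'string') { return false; }

  // Exact match only: no prefix, path or host-suffix matching.
  return uris.includes(requested) ? requested : false;
}

// Wiring into the authorization endpoint (hypothetical, not executed here):
//   server.authorize(function(clientID, redirectURI, done) {
//     var uri = resolveRedirectUri(clientID, redirectURI);
//     if (!uri) { return done(null, false); }
//     return done(null, registeredClients[clientID], uri);
//   })
```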

Session Serialization

Obtaining the user's authorization involves multiple request/response pairs. During this time, an OAuth 2.0 transaction will be serialized to the session. Client serialization functions are registered to customize this process, which will typically be as simple as serializing the client ID, and finding the client by ID when deserializing.

server.serializeClient(function(client, done) {
  return done(null, client.id);
});

server.deserializeClient(function(id, done) {
  Clients.findOne(id, function(err, client) {
    if (err) { return done(err); }
    return done(null, client);
  });
});

Implement Token Endpoint

Once a user has approved access, the authorization grant can be exchanged by the client for an access token.

app.post('/token',
  passport.authenticate(['basic', 'oauth2-client-password'], { session: false }),
  server.token(),
  server.errorHandler());

Passport strategies are used to authenticate the client, in this case using either an HTTP Basic authentication header (as provided by passport-http) or client credentials in the request body (as provided by passport-oauth2-client-password).

Based on the grant type issued to the client, the appropriate exchange module registered above will be invoked to issue an access token. If an error occurs, errorHandler middleware will format an error response.

Implement API Endpoints

Once an access token has been issued, a client will use it to make API requests on behalf of the user.

app.get('/api/userinfo', 
  passport.authenticate('bearer', { session: false }),
  function(req, res) {
    res.json(req.user);
  });

In this example, bearer tokens are issued, which are then authenticated using an HTTP Bearer authentication header (as provided by passport-http-bearer).

Examples

This example demonstrates how to implement an OAuth service provider, complete with protected API access.

Related Modules

Debugging

oauth2orize uses the debug module. You can enable debugging messages on the console by doing export DEBUG=oauth2orize before running your application.

License

The MIT License

Copyright (c) 2012-2021 Jared Hanson <https://www.jaredhanson.me/>
