Getting Started


oauth2-server is available via npm.

$ npm install oauth2-server


The oauth2-server module is framework-agnostic but there are several officially supported adapters available for popular HTTP server frameworks such as Express and Koa. If you’re using one of those frameworks it is strongly recommended to use the respective adapter module instead of rolling your own.


Quick Start


const OAuth2Server = require('oauth2-server');

const oauth = new OAuth2Server({
  model: require('./model')

Request and Response

const Request = OAuth2Server.Request;
const Response = OAuth2Server.Response;

let request = new Request({/*...*/});
let response = new Response({/*...*/});


oauth.authenticate(request, response)
  .then((token) => {
    // The request was successfully authenticated.
  .catch((err) => {
    // The request failed authentication.


const AccessDeniedError = require('oauth2-server/lib/errors/access-denied-error');

oauth.authorize(request, response)
  .then((code) => {
    // The resource owner granted the access request.
  .catch((err) => {
    if (err instanceof AccessDeniedError) {
      // The resource owner denied the access request.
    } else {
      // Access was not granted due to some other error condition.


oauth.token(request, response)
  .then((token) => {
    // The resource owner granted the access request.
  .catch((err) => {
    // The request was invalid or not authorized.