Getting Started

Installation

oauth2-server is available via npm.

$ npm install oauth2-server

Note

The oauth2-server module is framework-agnostic but there are several officially supported adapters available for popular HTTP server frameworks such as Express and Koa. If you’re using one of those frameworks it is strongly recommended to use the respective adapter module instead of rolling your own.

Features

• Supports authorization code, client credentials, refresh token and password grant, as well as extension grants, with scopes.
• Can be used with promises, Node-style callbacks, ES6 generators and async/await (using Babel).
• Fully RFC 6749 and RFC 6750 compliant.
• Implicitly supports any form of storage, e.g. PostgreSQL, MySQL, MongoDB, Redis, etc.
• Complete test suite.

Quick Start

OAuth2Server

const OAuth2Server = require('oauth2-server');

const oauth = new OAuth2Server({
  model: require('./model')
});

Request and Response

const Request = OAuth2Server.Request;
const Response = OAuth2Server.Response;

let request = new Request({/*...*/});
let response = new Response({/*...*/});

OAuth2Server#authenticate()

oauth.authenticate(request, response)
  .then((token) => {
    // The request was successfully authenticated.
  })
  .catch((err) => {
    // The request failed authentication.
  });

OAuth2Server#authorize()

const AccessDeniedError = require('oauth2-server/lib/errors/access-denied-error');

oauth.authorize(request, response)
  .then((code) => {
    // The resource owner granted the access request.
  })
  .catch((err) => {
    if (err instanceof AccessDeniedError) {
      // The resource owner denied the access request.
    } else {
      // Access was not granted due to some other error condition.
    }
  });

OAuth2Server#token()

oauth.token(request, response)
  .then((token) => {
    // The resource owner granted the access request.
  })
  .catch((err) => {
    // The request was invalid or not authorized.
  });