Giter Club home page Giter Club logo

passport-oauth2-middleware's Introduction

Passport.js OAuth2 Middleware

NPM

Passport.js strategy that supports automatic OAuth2 refresh tokens and OAuth2 password workflow.

npm install passport-oauth2-middleware

Example (see this blog post)

var OAuth2Strategy = require('passport-oauth2'),
    LocalStrategy = require('passport-local').Strategy,
    OAuth2RefreshTokenStrategy = require('passport-oauth2-middleware').Strategy,
    passport = require('passport');

module.exports = function(app) {
  var refreshStrategy = new OAuth2RefreshTokenStrategy({
    refreshWindow: 10, // Time in seconds to perform a token refresh before it expires
    userProperty: 'ticket', // Active user property name to store OAuth tokens
    authenticationURL: '/login', // URL to redirect unathorized users to
    callbackParameter: 'callback' //URL query parameter name to pass a return URL
  });

  passport.use('main', refreshStrategy);  //Main authorization strategy that authenticates
                                          //user with stored OAuth access token
                                          //and performs a token refresh if needed

  var oauthStartegy = new OAuth2Strategy({
    authorizationURL: 'https://authserver/oauth2/auth',
    tokenURL: 'https://authserver/oauth2/token',
    clientID: 'clientID',
    clientSecret: 'clientSecret',
    callbackURL: '/oauth/callback',
    passReqToCallback: false //Must be omitted or set to false in order to work with OAuth2RefreshTokenStrategy
  },
    refreshStrategy.getOAuth2StrategyCallback() //Create a callback for OAuth2Strategy
  );

  passport.use('oauth', oauthStartegy); //Strategy to perform regular OAuth2 code grant workflow
  refreshStrategy.useOAuth2Strategy(oauthStartegy); //Register the OAuth strategy
                                                    //to perform OAuth2 refresh token workflow

  var localStrategy = new LocalStrategy({
    usernameField : 'username',
    passwordField : 'password'
  },
    refreshStrategy.getLocalStrategyCallback() //Create a callback for LocalStrategy
  );

  passport.use('local', localStrategy); //Strategy to perform a username/password login
  refreshStrategy.useLocalStrategy(localStrategy); //Register the LocalStrategy
                                                   //to perform an OAuth 'password' workflow

  //GET /login
  app.get('/login', function(req, res){
   var callback = req.query.callback || '/';

   if (req.isAuthenticated()) {
     return res.redirect(callback);
   }

   res.render('login_page');
  });

  //POST /login
  app.post('/login', function(req, res, next) {
   var callback = req.query.callback || '/profile';

   passport.authenticate('local', function(err, user, info) {
     if (err || !user) {
       res.render('login_page', {
         error: info ? info.message : 'Unable to login.',
         username: req.body.username
       });
       return next();
     }

     req.logIn(user, function(err) {
       if (err) {
         return next(err);
       }

       return res.redirect(callback);
     });
   })(req, res, next);
  });

  //GET /oauth
  app.get('/oauth', passport.authenticate('oauth'));

  //GET /oauth/callback
  app.get('/oauth/callback', passport.authenticate('oauth'), function(req, res) {
    res.redirect('/profile');
  });

  //GET /profile
  app.get('/profile',
  passport.authenticate('main'), function(req, res) {
   res.render('profile_page');
  });

  //GET /api/data
  app.get('/api/data',
  passport.authenticate('main', {
    noredirect: true //Don't redirect a user to the authentication page, just show an error
  }), function(req, res) {
    res.render('profile_page');
  });
};

passport-oauth2-middleware's People

Contributors

artema avatar ejadib avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.