simple-oauth-server

v1.0.6

Published

A simple implementation of OAuth 2 providing async hooks to call to your own services

Downloads

171

Readme

Simple OAuth Server

This is based on OAuth but now supports error-first, async calls for all service methods.

Installation

npm install simple-oauth-server

Usage

var OAuthServer = require('simple-oauth-server'),
oauthServer = new OAuthServer(
    clientService,
    tokenService,
    authorizationService,
    membershipService,
    3600,
    ['profile', 'status', 'avatar']
);

See Example for an actual usage scenario.

Expectations

You will need to construct the Simple OAuth Server object by passing in the following parameters.

  1. TokenService object with the below signature. This service is used to generate unique tokens and authentication codes.

     {
         generateToken: function(callback) {},  // callback error or a token
         generateAuthorizationCode: function(callback) {}  // callback error or an authorization code
     }
  2. ClientService object with the below signature. getById will be passed an ID and will be expected to pass a client object to the callback function.

     {
         getById: function(id, callback) {},  // callback error or a client object
         isValidRedirectUri: function(client, requestedUri) {}  // return true if the requested URI is valid, false otherwise
     }

    A client object should have the following properties at a minimum:

     {
         id: '1',  // unique identifier
         secret: 'kittens',  // secret key
         grantTypes: ['implicit', 'password', 'client_credentials', 'authorization_code']   // array of supported grant types
     }

    A client should also store its valid redirect domain(s) to ensure the user is only redirected to valid domains. Because there may be one or many, and storage may differ, the isValidRedirectUri function needs to be implemented as above.

  3. MembershipService object with the below signature.

     {
         areUserCredentialsValid: function(userName, password, scope, callback) {} // callback error or a boolean indicating if the credentials are valid
     }

    The membership service is only used if the password grant type is supported; if not, it can be passed as null.

  4. An object passed in the authorizationService parameter with the following functions:

     {
         saveAuthorizationCode: function(codeData, callback) {},  // callback error or code object
         saveAccessToken: function(tokenData, callback) {},  // callback error or token object
         getAuthorizationCode: function(code, callback) {},  // callback error or code object
         getAccessToken: function(token, callback) {}  // callback error or token object
     }

    An authorization code object should have these properties at a minimum:

     {
         code: '2ac2ab84-bed8-4cd9-a255-54212074b7ce',  // complex unique identifier
         expiresDate: '2014-07-02T18:40:59.595Z'  // expiry date
     }

    A token object will have these properties when passed to the save function:

     {
         access_token: '9d357269-fe29-4ace-80b6-1ccc14744bd0',  // complex unique identifier
         expires_in: '2014-07-02T18:40:59.595Z',  // expiry date
         refresh_token: 'f961820e-ef0e-4ff9-8c89-bcebd95b2bda'  // optional complex unique identifier
     }
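An added example (not code from the package or its example folder): one way to implement the ClientService from item 2 so that isValidRedirectUri accepts only an exact match against a registered list. The `redirectUris` property, the sample client, the `normalise` helper and the HTTPS-only rule are assumptions of this example.

```javascript
// Constructed sample registry; a real service would load clients from storage.
// `redirectUris` is a hypothetical property name, not one the package defines.
var clients = {
    '1': {
        id: '1',
        secret: 'kittens',
        grantTypes: ['authorization_code'],
        redirectUris: ['https://app.example.com/oauth/callback']
    }
};

// Parse and canonicalise a URI; returns null when it is unusable as a redirect target.
function normalise(uri) {
    var u;
    try { u = new URL(uri); } catch (e) { return null; }
    if (u.protocol !== 'https:') { return null; }             // rejects http:, javascript:, data: ...
    if (u.username || u.password || u.hash) { return null; }  // rejects userinfo and fragments
    return u.origin + u.pathname + u.search;                  // host lower-cased, default port dropped
}

var clientService = {
    // Error-first callback: an error for an unknown id, otherwise the client object.
    getById: function (id, callback) {
        var found = Object.prototype.hasOwnProperty.call(clients, id) ? clients[id] : null;
        process.nextTick(function () {
            if (!found) { return callback(new Error('unknown client')); }
            callback(null, found);
        });
    },
    // Synchronous, as in the signature above: true only for an exact registered URI.
    isValidRedirectUri: function (client, requestedUri) {
        if (typeof requestedUri !== 'string') { return false; }  // e.g. a repeated query parameter
        var requested = normalise(requestedUri);
        if (!requested || !client || !Array.isArray(client.redirectUris)) { return false; }
        return client.redirectUris.some(function (registered) {
            return normalise(registered) === requested;
        });
    }
};
```

Comparing parsed, canonical forms rather than raw prefixes means a lookalike host, a userinfo component or a path traversal segment cannot pass as the registered URI.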

Example

Please refer to the example folder for a demonstration of using the server.

The example uses beeline as a simple router and node-uuid to generate example tokens, but Simple OAuth Server does not do any route handling or token creation itself.

To use the example, navigate into the folder and run npm install to install the modules needed for the example. (You will also need to run npm install in the root project directory.)

Below are some manual steps you can run to show the example code in action.

  1. Make a GET request to http://localhost:8080/oauth/authorize?client_id=1&response_type=code&redirect_uri=http://google.com&scope=profile

This will return an object similar to the below:

{
    "redirectUri": "http://google.com?code=d494bbe3-d7e7-4f46-a2c7-ba1b680cae6c&expires_in=3600&scope=profile,"
}

  2. Using the output from step 1, make a GET request to http://localhost:8080/oauth/token?client_id=1&grant_type=authorization_code&client_secret=kittens&code=[THE CODE FROM STEP 1]

This will return an object similar to the below:

{
    "token_type": "Bearer",
    "expires_in": "2014-06-29T18:49:00.332Z",
    "access_token": "a90cd0df-786d-4a8d-a7fc-5b6c7f08d555",
    "refresh_token": "2e1ae953-e1e6-439b-927f-7d4063760920"
}

  3. Using the output from step 2, make a GET request to http://localhost:8080/api/test with the Authorization header set to "Bearer [ACCESS TOKEN FROM STEP 2]"

This will return an object similar to the below:

{
    "isValid":true
}