@codealpha/oauth2

POC oauth2 middleware

Usage (no npm install needed). Note that this package is Express middleware for a Node server, so the CDN's generic browser import below is not by itself a working setup; see the README for server-side use:

<script type="module">
  import codealphaOauth2 from 'https://cdn.skypack.dev/@codealpha/oauth2';
</script>

README


OAuth2

@codealpha/oauth2 is a proof-of-concept module that implements the OAuth 2.0 Authorization Framework (RFC 6749).

It uses the Authorization Code grant type and issues bearer tokens (RFC 6750). The authZ middleware acts as an API firewall: a protected route is served only when the request carries a valid bearer token.

Disclaimer: this module is intended as an *INTERIM* placeholder until a more robust solution such as Okta or Auth0 can be implemented.

Installation

npm install --save @codealpha/oauth2

Example

import express from "express";
import path from "path";
import { oauth } from "@codealpha/oauth2";

// See the Configuration section for the keys; `database` is required.
const oauthConfig = {...};

const app = express();

const Server = async () => {
  // authN: the login/UI router; authZ: the bearer-token check for protected routes.
  const { authN, authZ } = await oauth(oauthConfig);

  app
    // `__dirname` is only defined in CommonJS; in an ES module derive it from import.meta.url.
    .use(express.static(path.join(__dirname, "public")))
    .use("/auth", authN)
    .use("/private/stuff", [
      authZ,
      (req, res) => {
        res.send({ message: "welcome VIP", data: ["a", 2, { b: true }] });
      },
    ])
    .listen(5000, () => {
      console.log(`OAuth2 Server started at http://localhost:5000`);
    });
};

Server().catch((err) => {
  console.error(err);
  process.exit(1);
});

Usage

authN

.use("/auth", authN)

authN is a router; mounted at /auth it serves these sub-paths under that prefix:

"/ui" (served as /auth/ui):

  • the OAuth2 user interface (login pages)

"/client" (served as /auth/client):

  • data about the website using OAuth2 (the client configured under client.* below)

"/whoami" (served as /auth/whoami):

  • the authenticated user's object
authZ

authZ is a middleware placed in front of any route that must only be reachable with a valid bearer token. Requests without one are rejected before the handler runs:

.use("/private/stuff", [
      authZ,
      (req, res) => {
        res.send({ message: "welcome VIP", data: ["a", 2, { b: true }] });
      },
    ])
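To make concrete what an authZ-style "API firewall" has to check, here is an added example written for this README; it is not the @codealpha/oauth2 implementation. It is an Express-compatible (req, res, next) middleware with no dependency on Express itself, and the in-memory token store, the realm name and the SHA-256 digest scheme are assumptions for illustration.

```javascript
// Added example, not @codealpha/oauth2 code: the checks an authZ-style
// bearer-token gate has to make, written as an Express-compatible
// (req, res, next) middleware with no dependency on Express itself.
// The token store, realm and hashing scheme are assumptions for illustration.
import { createHash, randomBytes } from "node:crypto";

const REALM = "api"; // hypothetical realm name for the WWW-Authenticate challenge

// Constructed in-memory token store keyed by SHA-256(token). Storing digests
// rather than raw tokens means a leaked store yields nothing a client can present,
// and looking up by digest avoids comparing secret bytes one at a time.
const tokenStore = new Map();

function sha256Hex(s) {
  return createHash("sha256").update(s, "utf8").digest("hex");
}

// Mint a random token for `user`, valid for ttlSeconds. The raw token is
// returned once to the caller; only its digest is kept.
function issueToken(user, ttlSeconds, now = Date.now()) {
  const raw = randomBytes(32).toString("base64url");
  tokenStore.set(sha256Hex(raw), { user, expiresAt: now + ttlSeconds * 1000 });
  return raw;
}

// Extract the token from "Authorization: Bearer <b64token>" (RFC 6750 section 2.1).
// The scheme name is case-insensitive; anything other than one b64token
// after it (another scheme, two tokens, junk) is rejected as malformed.
function parseBearer(headerValue) {
  if (typeof headerValue !== "string") return null;
  const m = /^\s*Bearer\s+([A-Za-z0-9\-._~+\/]+=*)\s*$/i.exec(headerValue);
  return m ? m[1] : null;
}

// Resolve a presented token to its record, purging it if expired.
function lookupToken(raw, now = Date.now()) {
  const digest = sha256Hex(raw);
  const entry = tokenStore.get(digest);
  if (!entry) return null;
  if (entry.expiresAt <= now) {
    tokenStore.delete(digest);
    return null;
  }
  return entry;
}

// The gate. Responses follow RFC 6750 section 3: no credentials -> 401 with a
// bare challenge; malformed header -> 400 invalid_request; unknown or expired
// token -> 401 invalid_token. Only a valid token reaches next().
function authZ(req, res, next) {
  const header = req.headers.authorization;
  if (header === undefined) {
    return res
      .set("WWW-Authenticate", `Bearer realm="${REALM}"`)
      .status(401)
      .send({ error: "unauthorized" });
  }
  const raw = parseBearer(header);
  if (raw === null) {
    return res
      .set("WWW-Authenticate", `Bearer realm="${REALM}", error="invalid_request"`)
      .status(400)
      .send({ error: "invalid_request" });
  }
  const entry = lookupToken(raw);
  if (entry === null) {
    return res
      .set("WWW-Authenticate", `Bearer realm="${REALM}", error="invalid_token"`)
      .status(401)
      .send({ error: "invalid_token" });
  }
  req.user = entry.user; // downstream handlers can rely on this
  return next();
}
```

It is wired exactly as the README wires authZ, `.use("/private/stuff", [authZ, handler])`. In a real deployment the Map would be the configured database, and you would also want revocation on logout and a bound on token lifetime; the point here is that the handler never runs unless the header parses and the token resolves to an unexpired record.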

Client-side callback workflow

After the user logs in through the authN routes:

  1. The client website receives an authorization code (authCode) at its registered callback URL.
  2. The client website exchanges the authCode for an access token (authToken) at the token endpoint. Authorization codes are short-lived and single-use, so this exchange happens immediately.
  3. The client website sends the authToken as a Bearer token in the Authorization header of its API requests to routes guarded by authZ.
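The three steps above, carried out from the client website's side, as an added example that is not part of this package: the redirect to the authorization server with a fresh `state`, the callback check, the code-for-token POST (RFC 6749 section 4.1.3) and the bearer-authenticated API call (RFC 6750). The endpoint paths `/auth/authorize` and `/auth/token`, the redirect URI, the client id and secret, and the injectable `fetchImpl` are all assumptions made for illustration; the README does not document the package's authorize or token endpoints.

```javascript
// Added example (not @codealpha/oauth2 code): the post-login steps of the
// Authorization Code grant from the client website's side, as functions around
// an injectable fetch so the exchange can be exercised offline.
// Endpoint paths, redirect URI and client credentials are hypothetical placeholders.
import { randomBytes } from "node:crypto";

const AUTHORIZE_ENDPOINT = "http://localhost:5000/auth/authorize"; // assumed path
const TOKEN_ENDPOINT = "http://localhost:5000/auth/token";         // assumed path
const REDIRECT_URI = "https://client.example/callback";            // must be pre-registered

// Step 0: send the user to the authorization server with an unguessable `state`
// bound to this browser session. Its job is CSRF protection on the callback.
function generateState() {
  return randomBytes(16).toString("base64url");
}

function buildAuthorizationUrl({ clientId, state, scope = "" }) {
  const u = new URL(AUTHORIZE_ENDPOINT);
  u.searchParams.set("response_type", "code");
  u.searchParams.set("client_id", clientId);
  u.searchParams.set("redirect_uri", REDIRECT_URI);
  u.searchParams.set("state", state);
  if (scope) u.searchParams.set("scope", scope);
  return u.toString();
}

// Step 1: the callback arrives as REDIRECT_URI?code=...&state=... Refuse it
// unless `state` matches the value stored for this session, and surface an
// `error` parameter (RFC 6749 section 4.1.2.1) instead of treating it as success.
function receiveAuthCode(callbackUrl, expectedState) {
  const params = new URL(callbackUrl).searchParams;
  if (params.get("error")) {
    throw new Error(`authorization failed: ${params.get("error")}`);
  }
  if (!expectedState || params.get("state") !== expectedState) {
    throw new Error("state mismatch: possible CSRF, discarding callback");
  }
  const code = params.get("code");
  if (!code) throw new Error("callback carried no authorization code");
  return code;
}

// Step 2: exchange the code with a form-encoded POST to the token endpoint
// (RFC 6749 section 4.1.3). redirect_uri must equal the value from step 0; client
// credentials travel in an HTTP Basic header, never in the URL. The server must
// refuse a replayed code, which surfaces here as an invalid_grant error.
async function exchangeAuthCode({ code, clientId, clientSecret, fetchImpl = fetch }) {
  const body = new URLSearchParams({
    grant_type: "authorization_code",
    code,
    redirect_uri: REDIRECT_URI,
  });
  const basic = Buffer.from(`${clientId}:${clientSecret}`, "utf8").toString("base64");
  const resp = await fetchImpl(TOKEN_ENDPOINT, {
    method: "POST",
    headers: {
      "Content-Type": "application/x-www-form-urlencoded",
      Authorization: `Basic ${basic}`,
    },
    body: body.toString(),
  });
  const json = await resp.json();
  if (!resp.ok || json.token_type?.toLowerCase() !== "bearer" || !json.access_token) {
    throw new Error(`token exchange failed: ${json.error ?? resp.status}`);
  }
  return json; // { access_token, token_type, expires_in, ... }
}

// Step 3: call the protected API with the token in the Authorization header
// (RFC 6750 section 2.1). It never goes in the query string, where it would be logged.
async function callApi(url, accessToken, fetchImpl = fetch) {
  const resp = await fetchImpl(url, { headers: { Authorization: `Bearer ${accessToken}` } });
  if (resp.status === 401) throw new Error("token rejected; re-authenticate");
  return resp.json();
}
```

The `state` check in step 1 is what stops an attacker from completing the flow in a victim's browser with the attacker's own code; a client that skips it will happily bind the attacker's account to the victim's session. For a public client (no secret), the current best practice is to add PKCE (RFC 7636) to steps 0 and 2; that is beyond what this README describes.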

Configuration

const oauthConfig = {
  database: {
    type: "postgres",
    config: {
      // Placeholders: supply the real values from the environment or a
      // secrets store rather than committing them alongside the code.
      user: "DATABASE_USERNAME",
      host: "DATABASE_HOST",
      password: "DATABASE_PASSWORD",
      port: 5432,
    },
  },
};
Key                     Description                                                          Default
awsCredentialsPath      absolute file path to the AWS credentials.json file
mfaRequired             require an SMS code on login in addition to username/password        false
emailSalt               bcrypt salt used to protect data at rest                             no encryption
database (required)
database.type           type of database [string]
database.config         configuration object specific to that database [Object]
client
client.name             name of the website using OAuth2                                     'OAuth2Placeholder'
client.website          FQDN of the website using OAuth2                                     'OAuth2Placeholder'
client.badgeUrl         URL of a brand image used to customize the OAuth2 pages
registrationWhitelist   only allow a defined list of usernames to register                   any

Note on emailSalt: bcrypt is a one-way password hash, not a reversible cipher, so a value protected with it cannot be decrypted back; it can only be matched against. Because the salt is a per-deployment value that the protection depends on, keep it out of source control with the other secrets.