# OAuth2

OAuth2 is a proof-of-concept module implementing the OAuth2 RFC specification. It uses the Authorization Code Grant Type with a Bearer Token as an API firewall.

Disclaimer: This module is intended as an *INTERIM* placeholder until a more robust solution (e.g. Okta, Auth0) can be implemented.
## Installation

```sh
npm install --save @codealpha/oauth2
```
## Example

```js
import express from "express";
import path from "path";
import { oauth } from "@codealpha/oauth2";

const oauthConfig = {...}; // see Configuration below

const app = express();

const Server = async () => {
  // authN serves the login/UI routes; authZ checks the Bearer token on protected routes
  const { authN, authZ } = await oauth(oauthConfig);
  app
    .use(express.static(path.join(__dirname, "public")))
    .use("/auth", authN)
    .use("/private/stuff", [
      authZ,
      (req, res) => {
        res.send({ message: "welcome VIP", data: ["a", 2, { b: true }] });
      },
    ])
    .listen(5000, () => {
      console.log(`OAuth2 Server started at http://localhost:5000`);
    });
};

Server();
```
## Usage

### authN

```js
.use("/auth", authN)
```

authN exposes the following routes:

- `/ui`: OAuth2 user interface
- `/client`: data about the website using OAuth2
- `/whoami`: user object

### authZ

```js
.use("/private/stuff", [
  authZ,
  (req, res) => {
    res.send({ message: "welcome VIP", data: ["a", 2, { b: true }] });
  },
])
```
## Client-side callback workflow

Post login:

- the client website receives an `authCode`.
- the client website exchanges the `authCode` for an `authToken`.
- the client website uses the `authToken` to make API requests.
## Configuration

```js
const oauthConfig = {
  database: {
    type: "postgres",
    config: {
      user: "DATABASE_USERNAME",
      host: "DATABASE_HOST",
      password: "DATABASE_PASSWORD",
      port: 5432,
    },
  },
};
```
| Key | Description | Default |
|---|---|---|
| awsCredentialsPath | the absolute file path to the AWS credentials.json file | |
| mfaRequired | an SMS code is required on login in addition to a username/password | false |
| emailSalt | a bcrypt salt used to encrypt data at rest | no encryption |
| database (required) | | |
| database.type | type of database | [string] |
| database.config | configuration object specific to a database | [Object] |
| client | | |
| client.name | name of the website using OAuth2 | 'OAuth2Placeholder' |
| client.website | FQDN of the website using OAuth2 | 'OAuth2Placeholder' |
| client.badgeUrl | URL of the brand image used to customize OAuth2 pages | |
| registrationWhitelist | only allow a defined list of usernames to register | any |