snap-oauth-2

SnapX-Oauth-2.0 lets users grant the access to the desired resources to third party applications (Job-Portal, rental services etc.), giving them the possibility to enable and disable those accesses whenever they want.

Usage no npm install needed!

<script type="module">
  import snapOauth2 from 'https://cdn.skypack.dev/snap-oauth-2';
</script>

README

SnapX-OAuth-2.0

Digital Identity on Blockchain

Introduction

SnapX-Oauth-2.0 lets users grant the access to the desired resources to third party applications (Job-Portal, rental services etc.), giving them the possibility to enable and disable those accesses whenever they want.

Requirements

The node client library is tested against the latest Node 8 LTS and newer versions.

To use in node 6 or 7, please use simple-oauth2@1.x. Older node versions are unsupported.

Getting started

Installation

Install the client library using npm:

npm install --save snap-oauth-2

Define a object of snapX class

// Initialize the snap-oauth-2 Library and set configuration
const snapX = require("snap-oauth-2");
const snapXObject = new snapX(
  "<client-id>",
  "<client-secret>",
  "<redirectUri)>"
);

Example of Usage

we will update it soon

SnapX-Oauth-2.0 Authorization Code flow

  • The Authorization Code flow is made up from two parts. At first your application(client) asks to the user for the permission to access their data. If the user approves, then SnapX-Oauth-2.0 server sends an authorization code to the client. In the second part, the client POST the authorization code along with its client secret to the SnapX-Oauth-2.0 server in order to get the access token along with refresh token.

  • After getting access token client can retreive resource owner's (user) information from resource server or calling specific api for that.

  • Access Token is generated by Snapx-Oauth-server will only be valid for given time so for renewal of access token client will need refresh token (received in previous step inside tokenObject) so calling refresh token api client will receive a new tokenObject and previously generated tokens (both refresh and access toke ) will be expired !

const snapX = require("snap-oauth-2");
const snapXObject = new snapX(
  '<client-id>',
  '<client-secret>',
  '<redirectUri)>'
);

To get access token using authorization code (received from SnapX-Oauth-2.0 server)

    snapXObject.getAccessToken(authorization_code).then(tokenObject => {
     //here you have tokenObject
  } catch((error)=>{
    //handle error from Oauth server
  })

To get userdata using accessToken ( received from SnapX-Oauth server )

snapXObject
  .getUserInfo(access_token)
  .then(userInfo => {
    // here is user's data
  })
  .catch(error => {
    //handle error from server
  });

To get userdata using authorization_code directly (received from SnapX-Oauth server)

snapXObject
  .getUserData(grantCode)
  .then(userData => {
    // here is user's data
  })
  .catch(error => {
    //handle error from server
  });

To renew access token using refresh token (received from SnapX-Oauth server)

snapXObject
  .renewAccessToken(refresh_token)
  .then(tokenObject => {
    // here is user's data
  })
  .catch(error => {
    //handle error from server
  });

TokenObject format

tokenObject = {
  access_token: {
    value: '<access_token>',
    refresh_token: '<refresh_token>',
    expires_in: '<expiry time in millisecods>',
  },
  token_type: "bearer",
};

Grant code generated by Snapx-Oauth-2 server after user consent will be valid for one time use only after using it for once, it will be expired.