
egg-oauth2-server


Chinese Example | Chinese example tutorial (note: the article uses v1.x of this plugin; some API names have changed, but the main flow is the same)

egg-oauth2-server is a module that adds OAuth 2.0 capability to egg-based servers.

  • egg 2.x: use the latest egg-oauth2-server (Node >= 8.0.0)
  • egg 1.x: use egg-oauth2-server 2.0.x (Node >= 6.0.0)

Install

$ npm i egg-oauth2-server --save

Usage

// {app_root}/config/plugin.js
exports.oAuth2Server = {
  enable: true,
  package: 'egg-oauth2-server',
};

// {app_root}/app/router.js
module.exports = app => {
  app.all('/user/token', app.oAuth2Server.token());
  app.get('/user/authorize', app.oAuth2Server.authorize(), 'user.code');
  app.get('/user/authenticate', app.oAuth2Server.authenticate(), 'user.authenticate');
  // After these middlewares run, `ctx.state.oauth` holds the token or code data for the controller.
};

// {app_root}/config/config.default.js
module.exports = config => {
  const exports = {};
  exports.oAuth2Server = {
    debug: config.env === 'local',
    grants: [ 'password' ],
  };
  return exports;
};

See test/fixtures/apps/oauth2-server-test/config/config.unittest.js for reference.

// {app_root}/app/extend/oauth.js
// or {app_root}/app/extend/oauth.ts
'use strict';

// You need to implement the following functions
module.exports = app => {
  class Model {
    constructor(ctx) {}
    async getClient(clientId, clientSecret) {}
    async getUser(username, password) {}
    async saveAuthorizationCode(code, client, user) {}
    async getAuthorizationCode(authorizationCode) {}
    async revokeAuthorizationCode(code) {}
    async saveToken(token, client, user) {}
    async getAccessToken(bearerToken) {}
    async revokeToken(token) {}
  }  
  return Model;
};

For full description, check out https://www.npmjs.com/package/oauth2-server.

Examples

A simple password-mode OAuth 2.0 server. Full code at test/fixtures/apps/oauth2-server-test/app/extend/oauth.js

password mode app.oauth.token() lifecycle

getClient --> getUser --> saveToken

password mode app.oauth.authenticate() lifecycle

Only getAccessToken

authorization_code mode app.oauth.authorize() lifecycle

getClient --> getUser --> saveAuthorizationCode

authorization_code mode app.oauth.token() lifecycle

getClient --> getAuthorizationCode --> revokeAuthorizationCode --> saveToken

authorization_code mode app.oauth.authenticate() lifecycle

Only getAccessToken
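
The password-mode lifecycles listed above (getClient --> getUser --> saveToken for token(), then getAccessToken for authenticate()), as an added in-memory sketch that is not the plugin's own code or its test fixture. The sample client, user, salt and the SHA-256/scrypt storage choices are assumptions made for this example; in the plugin the class would be returned from `module.exports = app => Model`.

```javascript
// Added example: in-memory Model for the password grant (not the plugin's own code).
const crypto = require('crypto');

// Constructed sample data; a real app would load these from its database.
const sha256 = s => crypto.createHash('sha256').update(s).digest();
const hashPassword = (pw, salt) => crypto.scryptSync(pw, salt, 32);
const CLIENTS = [{ id: 'demo-client', secretHash: sha256('demo-secret'), grants: ['password'] }];
const USERS = [{ id: 1, username: 'alice', salt: 'constructed-salt',
  passwordHash: hashPassword('correct horse', 'constructed-salt') }];
const TOKENS = new Map(); // hex SHA-256 of access token -> stored token record

// Constant-time comparison of two equal-length digests.
const same = (a, b) => a.length === b.length && crypto.timingSafeEqual(a, b);

class Model {
  constructor(ctx) { this.ctx = ctx; }

  // token() step 1: authenticate the client; a falsy return rejects the request.
  async getClient(clientId, clientSecret) {
    const c = CLIENTS.find(x => x.id === clientId);
    if (!c || !same(sha256(String(clientSecret)), c.secretHash)) return null;
    return { id: c.id, grants: c.grants };
  }

  // token() step 2: verify the resource owner's credentials.
  async getUser(username, password) {
    const u = USERS.find(x => x.username === username);
    // Hash even for unknown users so both failure paths do the same work.
    const got = hashPassword(String(password), u ? u.salt : 'dummy-salt');
    if (!u || !same(got, u.passwordHash)) return null;
    return { id: u.id, username: u.username };
  }

  // token() step 3: persist only a hash of the bearer token, never the token itself.
  async saveToken(token, client, user) {
    const record = { accessTokenExpiresAt: token.accessTokenExpiresAt,
      client: { id: client.id }, user: { id: user.id } };
    TOKENS.set(sha256(token.accessToken).toString('hex'), record);
    return { ...token, ...record };
  }

  // authenticate(): look the presented token up by its hash and reject expired ones.
  async getAccessToken(bearerToken) {
    const rec = TOKENS.get(sha256(String(bearerToken)).toString('hex'));
    if (!rec || rec.accessTokenExpiresAt <= new Date()) return null;
    return { accessToken: bearerToken, ...rec };
  }
}
```

Because only token hashes are stored, a leaked token table cannot be replayed as bearer credentials.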

Questions & Suggestions

Please open an issue. PRs are welcome too.

License

MIT


