  • Stars: 105
  • Rank 320,610 (Top 7 %)
  • Language: JavaScript
  • License: BSD 2-Clause "Sim...
  • Created over 13 years ago
  • Updated about 13 years ago

Repository Details

Node library providing the bases to implement an OAuth2 server (as connect middleware)

OAuth2 Server in Node

Description

oauth2_server_node is a Node library providing the basis for implementing an OAuth2 server. It features a connect middleware to ease integration with other components.

It implements the OAuth2 web server schema as specified by draft 10 of the OAuth2 specification.

This project will follow the evolution of the specification, so a branch for draft 11 will soon be created.

Similar projects

oauth2_server_node is developed together with:

  • oauth2_client_node, a connect middleware featuring an OAuth2 client.
  • auth_server, an authentication and authorization server in node (using both oauth2_client_node and oauth2_server_node).

Usage

oauth2_server_node is a library providing OAuth2-related methods and tools, no more. As such, you will have to set up a certain number of initializations and declarations to use it. A good example of how to use it is the auth_server project.

To create an OAuth2 server using oauth2_server_node, you need to get a connector using the oauth2/server.connector function. This function needs three parameters:

  • a config obj, containing:
    • authorize_url: end-user authorization endpoint, the URL the end-user must be redirected to in order to be served the authentication form.
    • process_login_url: the URL the authentication form will POST to.
    • token_url: OAuth2 token endpoint, the URL the client will use to check the authorization_code given by the user and get a token.
    • crypt_key: string, encryption key used to encrypt the information contained in the issued tokens. This is a symmetric key and must be kept secret.
    • sign_key: string, signature key used to sign (HMAC) issued tokens. This is a symmetric key and must be kept secret.
  • an RFactory obj as defined by rest-mongo (a JS ORM using MongoDB, or other means, as a backend). It is used to get an R object, providing classes and methods to easily access the DB. This factory needs to be initialized with a schema containing at least the following resources:
    • Grant, corresponding to the grant issued to an OAuth2 client through the end-user, and containing the following properties:
      • client_id: the client id associated with the grant
      • user_id: the user id associated with the grant
      • code: the grant code (the code sent to the client is: grant.id|grant.code)
      • time: when the grant was issued, POSIX time
      • redirect_uri: the redirect_uri associated with the grant
      • additional_info: JSON object containing arbitrary data
    • Client, corresponding to an OAuth2 client, and containing the following properties:
      • id: the OAuth2 client id
      • name: the OAuth2 client name
      • secret: the secret shared with the OAuth2 client
      • redirect_uri: the redirect URL associated with the client
  • an authentication object, providing the following functions:
    • login: function to render the login page to the end user in the browser.
    • process_login: function to process the credentials given by the user. This function should use the oauth2/server.send_grant function once the user is authenticated.
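
The checks a token endpoint needs to make against the Grant and Client records above, as an added example (not code from oauth2_server_node). `redeemGrant`, the in-memory Maps standing in for the rest-mongo resources, the request field names and the 60-second grant lifetime are assumptions.

```javascript
'use strict';
const crypto = require('crypto');

// Assumption: the page does not state a grant lifetime; 60 s is illustrative.
const GRANT_TTL_SECONDS = 60;

// Constant-time string comparison (hashing first equalises the lengths).
function safeEqual(a, b) {
  const h = (s) => crypto.createHash('sha256').update(String(s)).digest();
  return crypto.timingSafeEqual(h(a), h(b));
}

// Hypothetical helper. grants/clients are Maps keyed by id, `now` is POSIX time.
// Returns the grant's user_id, or null when the request must be refused.
function redeemGrant(grants, clients, req, now) {
  const client = clients.get(req.client_id);
  if (!client || !safeEqual(client.secret, req.client_secret)) return null;

  // The code sent to the client has the form grant.id|grant.code.
  const code = String(req.code || '');
  const sep = code.indexOf('|');
  if (sep < 1) return null;
  const grant = grants.get(code.slice(0, sep));
  if (!grant || !safeEqual(grant.code, code.slice(sep + 1))) return null;

  // A correctly presented code is single use: remove it before further checks.
  grants.delete(grant.id);
  if (grant.client_id !== client.id) return null;               // issued to another client
  if (grant.redirect_uri !== req.redirect_uri) return null;     // must match the grant
  if (now - grant.time > GRANT_TTL_SECONDS) return null;        // expired
  return grant.user_id;
}

// Constructed sample records using the property names listed above.
function sampleStores() {
  const uri = 'https://client.example/cb';
  const clients = new Map([
    ['c1', { id: 'c1', name: 'Demo', secret: 's3cret-constructed', redirect_uri: uri }],
  ]);
  const grants = new Map([
    ['g1', { id: 'g1', client_id: 'c1', user_id: 'u42', code: 'abc123',
             time: 1000, redirect_uri: uri, additional_info: {} }],
  ]);
  return { clients, grants };
}
```
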

The returned middleware will take care of requests addressed to the OAuth2 server, using the objects and functions it was given during initialization. You may then want to create a resource server. oauth2/common.js provides a check_token function that can help with that: it checks the token passed as a request parameter and either gives you the associated info or denies access to the client (in case of a bad token).
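
As an added illustration (not the library's code or its actual token format), the sketch below shows the encrypt-then-MAC pattern that separate crypt_key and sign_key values imply, together with a check_token-style verifier. `issueToken`, `checkToken`, the AES-256-CBC and HMAC-SHA256 choices, the hex encoding and the `user_id`/`client_id`/`expires` fields are assumptions.

```javascript
'use strict';
const crypto = require('crypto');

// Constructed sample configuration; real keys must be long random secrets.
const SAMPLE_CONFIG = { crypt_key: 'constructed-crypt-key', sign_key: 'constructed-sign-key' };

// Turn the two config strings into independent fixed-length keys.
function deriveKeys(config) {
  const h = (s) => crypto.createHash('sha256').update(s).digest();
  return { enc: h(config.crypt_key), mac: h(config.sign_key) };
}

// Encrypt the token info, then sign IV + ciphertext (encrypt-then-MAC).
function issueToken(config, info) {
  const { enc, mac } = deriveKeys(config);
  const iv = crypto.randomBytes(16);
  const cipher = crypto.createCipheriv('aes-256-cbc', enc, iv);
  const body = Buffer.concat([iv, cipher.update(JSON.stringify(info), 'utf8'), cipher.final()]);
  const tag = crypto.createHmac('sha256', mac).update(body).digest();
  return body.toString('hex') + '.' + tag.toString('hex');
}

// Returns the token info, or null for a forged, malformed or expired token.
function checkToken(config, token, now) {
  const { enc, mac } = deriveKeys(config);
  const parts = String(token).split('.');
  if (parts.length !== 2) return null;
  const body = Buffer.from(parts[0], 'hex');
  const tag = Buffer.from(parts[1], 'hex');

  // Verify the signature in constant time before touching the ciphertext.
  const expected = crypto.createHmac('sha256', mac).update(body).digest();
  if (tag.length !== expected.length || !crypto.timingSafeEqual(tag, expected)) return null;
  if (body.length < 32) return null; // 16-byte IV plus at least one cipher block

  try {
    const d = crypto.createDecipheriv('aes-256-cbc', enc, body.subarray(0, 16));
    const json = Buffer.concat([d.update(body.subarray(16)), d.final()]).toString('utf8');
    const info = JSON.parse(json);
    return info.expires > now ? info : null; // `expires` is POSIX time
  } catch (e) {
    return null;
  }
}
```
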

Dependencies

oauth2_server_node uses nodetk for testing, rest-mongo, node-serializer and connect.

Projects using oauth2_server_node

A wiki page lists the projects using oauth2_server_node. Don't hesitate to edit it.

License

BSD.

More Repositories

1

sponges

Turn any Ruby object into a daemon controlling an army of sponges.
Ruby
81
star
2

auth_server

Node application acting as an authentication and portable contacts provider (using OAuth2)
JavaScript
70
star
3

ucengine

U.C.Engine is a pubsub server with persistence. You can build realtime applications or integrate realtime features to existing applications.
Erlang
68
star
4

webcam-streaming

Stream webcam to rtmp server using flash widget.
Haxe
62
star
5

koalab

A scrum-like board powered by nginx, nodejs, mongodb, backbone and html5
CoffeeScript
61
star
6

oauth2_client_node

A node library providing the bases to implement an OAuth2 client (as connect middleware)
JavaScript
41
star
7

desi

Desi (Developper ElasticSearch Installer) is a very simple tool to quickly set up an Elastic Search local install for development purposes.
Ruby
39
star
8

zobi

Keep your rails controllers DRY.
Ruby
37
star
9

git_elasticsearch

Just a proof of concept to index a git repo in elastic search
Ruby
25
star
10

capistrano-af83-old

Capistrano recipes for af83
Ruby
24
star
11

rest-mongo

A JS ORM for both server and browser providing Rest server connect middleware
JavaScript
21
star
12

jquery.mustache

A JQuery plugin to ease the use of Mustache templates
JavaScript
15
star
13

erlyvideo-ucengine

U.C.Engine plugin for Erlyvideo
Erlang
14
star
14

fnf-detect

Detect faces and features in images to help cropping them
C++
13
star
15

node-serializer

Module providing functions to go from JSON obj to [opaque] string or vice versa.
JavaScript
11
star
16

dotfiles

Dotfiles for our servers
Vim Script
11
star
17

sinatra-geckoboard

A little Sinatra extension to expose data nicely to Geckoboard.
Ruby
9
star
18

jenkins-status

Show Jenkins job status or view in a web page.
JavaScript
9
star
19

social_auth_py

Python package (WSGI middleware) providing authentication using Google, Yahoo, Facebook, Twitter and OpenID providers
Python
8
star
20

Geeks

A web application showing people on map.
JavaScript
7
star
21

ErrorNot

A service to be sure that all errors in your apps are raised.
Ruby
6
star
22

ucengine-docs

U.C.Engine docs - gollum wiki
JavaScript
6
star
23

documentator

Documentation helpers and bootstrap command.
Ruby
6
star
24

nodetk

nodetk is a set of small libraries intended to facilitate the use of nodejs.
JavaScript
5
star
25

morm

Yet another PHP ORM ...
PHP
5
star
26

funnel_http

Streaming HTTP API built upon ElasticSearch's percolation.
Elixir
5
star
27

readminator

Improve your README!
Ruby
4
star
28

Zonard

UI to transform (resize, crop, rotate, translate) contents (such as images)
CoffeeScript
4
star
29

trac_auth_server

Plugin for trac to use AuthServer for authentication and authorization
Python
4
star
30

redishttp

A fun, simple Ruby/nodejs/PHP script with OAuth2 support that exposes Redis. It allows you to write a full-fledged application in 100% client-side code and still have server-side persistence, authentication and authorization over HTTP, with a nice jQuery plugin.
JavaScript
4
star
31

connect-sts

Middleware to add "Strict-Transport-Security" header.
JavaScript
3
star
32

auth_server_client_py

Python lib to use AuthServer for authentication and authorization in your applications
Python
3
star
33

ucengine-widgets

U.C.Engine contributed widgets library.
JavaScript
3
star
34

mongoid_translate

Translate mongoid models
Ruby
3
star
35

portable_contacts_server

Simple proof of concept of portable contacts server.
JavaScript
3
star
36

hashcode-2015

Our best submission to hash code 2015
Ruby
3
star
37

mod_ucengine

Gateway between ejabberd muc and U.C.Engine
Erlang
2
star
38

okeygo

karaoke in your browser
JavaScript
2
star
39

unified-redis

An unified redis interface for redis-rb and em-redis.
Ruby
2
star
40

in-da-house

JQuery plugin to implement a flexible "edit in place" mechanism
JavaScript
2
star
41

CaptainHook

CaptainHook is a quick, untested and ugly hook sniffer.
Elixir
2
star
42

node-image-server

Node server to serve, convert and resize images on demand
CoffeeScript
1
star
43

session-cookie

Custom session handler for php, write session data in encrypted cookie
PHP
1
star
44

ErrorNot-plugins

Ruby
1
star
45

ruby-promobox

Ruby API promobox
Ruby
1
star
46

edwig-admin

Administration front end for edwig
Ruby
1
star
47

leonardo

A minimalist image filter library for javascript
JavaScript
1
star
48

simpletest-runner

Custom simpletest runner
PHP
1
star
49

ucengine-ipad

CodeWeek 5 experiment: U.C.Engine UI for iPad
JavaScript
1
star
50

turbulences_demo

Demo site of turbulences
JavaScript
1
star
51

ucengine-kinect

CodeWeek 5 experiment: detect gestures with a Kinect and send them as events to U.C.Engine
C++
1
star
52

ucengine-www

U.C.Engine website
1
star
53

autoloader

A simple PHP autoloader class supporting caching
PHP
1
star
54

ragondin

Sinatra-like PHP framework.
PHP
1
star