Node.js client library for OAuth2. OAuth2 allows users to grant access to restricted resources by third party applications, giving them the possibility to enable and disable those accesses whenever they want.
Simple OAuth2 grant classes accept an object with the following params.
-
client
- required object with the following properties:id
- Service registered client id. When required by the spec this value will be automatically encoded. Requiredsecret
- Service registered client secret. When required by the spec this value will be automatically encoded. RequiredidParamName
- Parameter name used to send the client id. Defaults to client_idsecretParamName
- Parameter name used to send the client secret. Defaults to client_secret
-
auth
- required object with the following properties:tokenHost
- Base URL used to obtain access tokens. RequiredtokenPath
- URL path to obtain access tokens (See url resolution notes). Defaults to /oauth/tokenrevokePath
- URL path to revoke access tokens (See url resolution notes). Defaults to /oauth/revokeauthorizeHost
- Base URL used to request an authorization code. Defaults toauth.tokenHost
valueauthorizePath
- URL path to request an authorization code (See url resolution notes). Defaults to /oauth/authorize
-
http
optional object used to set default options to the internal http library (wreck). All options except baseUrl are allowedjson
: JSON response parsing mode. Defaults to strictredirects
Number or redirects to follow. Defaults to 20headers
Http headersaccept
Acceptable http response content type. Defaults to application/jsonauthorization
Always overriden by the library to properly send the required credentials on each scenario
-
options
additional options to setup how the module perform requestsscopeSeparator
Scope separator character. Some providers may require a different separator. Defaults to empty spacecredentialsEncodingMode
Setup how credentials are encoded whenoptions.authorizationMode
is header. Use loose if your provider doesn't conform the OAuth2 specification. Defaults to strictbodyFormat
- Request's body data format. Valid options areform
orjson
. Defaults to formauthorizationMethod
- Method used to send the client.id/client.secret authorization params at the token request. Valid options areheader
orbody
. If set to body, the bodyFormat option will be used to format the credentials. Defaults to header
URL paths are relatively resolved to their corresponding host property using the Node WHATWG URL resolution algorithm.
This submodule provides support for the OAuth2 Authorization Code grant type.
Creates the authorization URL from the client configuration and the authorize options. The following are supported authorize options:
redirectURI
String representing the registered application URI where the user is redirected after authenticationscope
String or array of strings representing the application privilegesstate
String representing an opaque value used by the client to main the state between the request and the callback
Additional options will be automatically serialized as query params in the resulting URL.
Get a new access token using the current grant type.
params
code
Authorization code received by the callback URLredirectURI
Application callback URL[scope]
Optional string or array including a subset of the original client scopes to request
Additional options will be automatically serialized as params for the token request.
httpOptions
All wreck options can be overriden as documented by the modulehttp
options.
Creates a new access token by providing a token object as specified by RFC6750.
This submodule provides support for the OAuth2 Resource Owner Password Credentials grant type.
Get a new access token using the current grant type.
params
username
User identifierpassword
User password[scope]
Optional string or array including a subset of the original client scopes to request
Additional options will be automatically serialized as params for the token request.
httpOptions
All wreck options can be overriden as documented by the modulehttp
options.
Creates a new access token by providing a token object as specified by RFC6750.
This submodule provides support for the OAuth2 Client Credentials grant type.
Get a new access token using the current grant type.
params
[scope]
Optional string or array including a subset of the original client scopes to request
Additional options will be automatically serialized as params for the token request.
httpOptions
All wreck options can be overriden as documented by the modulehttp
options.
Creates a new access token by providing a token object as specified by RFC6750.
Determines if the current access token is definitely expired or not
expirationWindowSeconds
Window of time before the actual expiration to refresh the token. Defaults to 0.
Refreshes the current access token. The following params are allowed:
params
[scope]
Optional string or array including a subset of the original token scopes to request
Additional options will be automatically serialized as query params for the token request.
Revokes either the access or refresh token depending on the {tokenType} value. Token type can be one of: access_token
or refresh_token
.
Revokes both the current access and refresh tokens
Immutable object containing the token object provided while constructing a new access token instance. This property will usually have the schema as specified by RFC6750, but the exact properties may vary between authorization servers.
Please also note, that the current implementation will always add an expires_at property regardless of the authorization server response, as we require it to to provide the refresh token functionality.