1.1.0 • Published 6 years ago
@scenid/express-introspection-auth v1.1.0
express-introspection-auth
What is it?
Express middleware that validates OAuth2 tokens against an introspection endpoint to grant access to a resource.
Prerequisite
This middleware expects the bearer token to have been extracted beforehand and placed on the request object. One way to do this is with the express-bearer-token middleware (https://www.npmjs.com/package/express-bearer-token).
Usage
import express from 'express'
import bearerToken from 'express-bearer-token'
import introspectionAuth from 'express-introspection-auth'
const app = express()
const auth = introspectionAuth('http://localhost:3001/token_info')
app.use(bearerToken())
app.all('/justValidateToken', auth(), /* your handler, router, middleware */)
/* Given the introspection endpoint returns a list of allowed scopes for the token, we can validate against them */
app.get('/needsReadScope', auth(['read']), /* your handler, router, middleware */)
app.post('/needsSpecialScopes', auth(['read', 'write']), /* your handler, router, middleware */)
app.listen(8000)
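The decision a guard such as `auth(['read'])` has to make, written out as an added example (not this package's own code). It assumes an RFC 7662 style response with `active` and `scope` fields and a token on `req.token`, which is where express-bearer-token puts it by default; the names `decide`, `guard` and `httpIntrospect` and the status codes chosen are illustrative.

```javascript
// Added illustration; NOT the source of express-introspection-auth.
// Assumes an RFC 7662 response: { active: boolean, scope: "a b" or ["a", "b"] }.

// Pure decision: maps an introspection response to an HTTP status.
function decide(info, requiredScopes = []) {
  // Fail closed: only a literal `true` counts as active.
  if (!info || info.active !== true) return 401;
  const granted = Array.isArray(info.scope)
    ? info.scope
    : String(info.scope || '').split(' ').filter(Boolean);
  // Every required scope must be present, not just one of them.
  return requiredScopes.every((s) => granted.includes(s)) ? 200 : 403;
}

// Middleware factory. `introspect` (hypothetical) is an async function that
// sends the token to the introspection endpoint and resolves to its JSON body.
function guard(introspect, requiredScopes = []) {
  return async function (req, res, next) {
    if (!req.token) return res.sendStatus(401); // no bearer token extracted
    let status;
    try {
      status = decide(await introspect(req.token), requiredScopes);
    } catch (err) {
      status = 503; // endpoint unreachable: deny rather than allow
    }
    return status === 200 ? next() : res.sendStatus(status);
  };
}

// One possible `introspect` using Node 18+ global fetch and the RFC 7662
// request shape (form-encoded POST with a `token` parameter).
// The endpoint's own client authentication is omitted here.
function httpIntrospect(url) {
  return async (token) => {
    const r = await fetch(url, {
      method: 'POST',
      headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
      body: new URLSearchParams({ token }),
    });
    if (!r.ok) throw new Error(`introspection failed: ${r.status}`);
    return r.json();
  };
}
```

Keeping `decide` separate from the HTTP call lets the scope and `active` handling be unit-tested without a running authorization server.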
Documentation
- Official OAuth2 doc about this topic: https://www.oauth.com/oauth2-servers/the-resource-server/