0.1.2 • Published 7 years ago

passport-oauth2-client-nosecret v0.1.2

License
MIT

passport-oauth2-client-nosecret

Client verification/authentication strategy for Passport.

Just like passport-oauth2-client-password, except it doesn't require the client_secret.

Notes

  • Only servers that support unprotected clients (e.g., native and single-page applications) should use this strategy.
  • Developers must implement additional security enhancements (e.g., PKCE) if necessary.

Installation

npm install passport-oauth2-client-nosecret --save

Usage

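// `Client` (the client model), `app` (the Express app) and `oauth2orize`
// are assumed to be set up elsewhere in the application.
passport.use(new ClientNoSecretStrategy(function(client_id, client_secret, next) {
    Client.findOne({ client_id: client_id }, function(err, client) {
        if (err) return next(err);

        // Reject unknown clients. client_secret is optional here: it is only
        // checked when the request actually supplies one.
        if (!client || (client_secret && client.secret !== client_secret)) return next(null, false);

        return next(null, client);
    });
}));

// Token endpoint: authenticate the client without a session, then issue the token.
app.post(
    '/endpoint',
    passport.authenticate(['oauth2-client-nosecret'], { session: false }),
    oauth2orize.token()
);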
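
The callback above skips the secret check whenever the request omits client_secret, so a client that does have a registered secret is also accepted without it. The following verify callback is an added example, not code from this package: it requires the secret from confidential clients and compares it in constant time. The in-memory `clients` registry, the `type` field and the `authenticate` helper are assumptions made for the illustration.

```javascript
const nodeCrypto = require('crypto');

// Constructed sample registry (assumption: each client records whether it is
// public or confidential; the page's Client model does not show such a field).
const clients = new Map([
  ['spa-app', { client_id: 'spa-app', type: 'public', secret: null }],
  ['backend', { client_id: 'backend', type: 'confidential', secret: 'constructed-secret' }],
]);

// Compare fixed-length digests so the check does not leak how many leading
// characters of the secret matched.
function secretsMatch(expected, presented) {
  const digest = (s) => nodeCrypto.createHash('sha256').update(String(s)).digest();
  return nodeCrypto.timingSafeEqual(digest(expected), digest(presented));
}

// Same signature as the verify callback passed to ClientNoSecretStrategy.
function verifyClient(client_id, client_secret, next) {
  const client = clients.get(client_id);
  if (!client) return next(null, false);

  if (client.type === 'confidential') {
    // A client with a registered secret must always present it.
    if (!client_secret || !secretsMatch(client.secret, client_secret)) {
      return next(null, false);
    }
    return next(null, client);
  }

  // Public client: it has no secret, so a request carrying one is rejected,
  // as in the original callback.
  if (client_secret) return next(null, false);
  return next(null, client);
}

// Hypothetical helper for synchronous callers: returns the client or false.
function authenticate(client_id, client_secret) {
  let result = false;
  verifyClient(client_id, client_secret, (err, client) => { result = err ? false : client; });
  return result;
}
```
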