simple-oauth2-server v2.1.1
simple-oauth2-server
Introdution
Simple authorization OAuth2 module.
It uses lowdb
for saving tokens in session by default. And you can start developing now without creating data base. If you have DB and want to saving tokens in it you can write simple API for this module like:
- lowdb (default)
- mySQL
Basic usage
npm i --save simple-oauth2-server
const app = require('express')();
const soas2 = require('simple-oauth2-server');
const users = ['Администратор', 'Сотрудник', 'Administrator', 'Collaborator'];
soas2.init({
expressApp: app,
authentication(request, next, cancel) {
users.includes(request.body.username) ?
next() :
cancel('Authentication is fail!');
},
tokenExtend(request) {
return { role: request.body.username };
},
expiredToken: 15
})
.defend({
routes: ['/secret-one', '/secret-two/**'], // routes which you want to protect
methods: ['get', 'post', 'delete', 'put', 'patch'] // methods which you want to protect
});
Your protection is enabled! And server sends tokens on requests on createTokenPath
(by default '/token').
More detailed usage
You can watch an usage example on https://github.com/justerest/simple-oauth2-server/blob/master/example/app.js
Demo
Methods
init(options
)
Options (type: object
):
{
expressApp: /* required declare! Your express application object */,
authentication: /* required declare! Function for authentication */,
expiredToken: 15 * 60, // token lifetime
createTokenPath: '/token', // route where server gives tokens
revocationPath: '/tokenRevocation', // route where server revokes tokens
tokensDB: lowdbAPI, // API for working with DB
tokenType: 'Bearer', // Configured for Bearer tokens by default
// Function for configuring token format if it`s needed (argument is request)
tokenExtend: function(request) {
return { username: request.body.username };
}
}
defend(options
)
It establishes protection on routes.
Options:
- routes:
- type:
array
- default:
['**']
- type:
- methods:
- type:
array
- default:
['get', 'post', 'delete', 'put', 'patch']
- type:
layerAnd(function(request, next, cancel)
, ...functions
)
Add new protective layer.
layerOr(function(request, next, cancel)
, ...functions
)
Add new protective function in current layer.
Token info
On protected routes you can get token info from request.token
app.get('/secret-data', (request, response) => {
console.log(request.token);
response.send('secret data');
});
Default information in token (can not be re-written)
{
access_token: uuid(),
refresh_token: uuid(),
expires_in: this.expiredToken,
expires_at: moment()
}
Have questions or problems?
You can send me message on justerest@yandex.ru or create an issue. I will be very glad to listen any questions, criticism and suggestions. It's need for my diplom project.
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago