Complete, compliant and well tested module for implementing an OAuth2 server in Node.js.
NOTE: This project has been forked from oauthjs/node-oauth2-server and is a continuation due to the project appearing to be abandoned. Please see our issue board to talk about next steps and the future of this project.
npm install @node-oauth/oauth2-server
The @node-oauth/oauth2-server
module is framework-agnostic but there are several officially supported wrappers available for popular HTTP server frameworks such as Express and Koa (not maintained by us).
If you're using one of those frameworks it is strongly recommended to use the respective wrapper module instead of rolling your own.
- Supports
authorization_code
,client_credentials
,refresh_token
andpassword
grant, as well as extension grants, with scopes. - Can be used with promises, Node-style callbacks, ES6 generators and async/await (using Babel).
- Fully RFC 6749 and RFC 6750 compliant.
- Implicitly supports any form of storage, e.g. PostgreSQL, MySQL, MongoDB, Redis, etc.
- Support for PKCE
- Complete test suite.
Documentation is hosted on Read the Docs. Please leave an issue if something is confusing or missing in the docs.
Most users should refer to our Express (active) or Koa (not maintained by us) examples.
More examples can be found here: https://github.com/14gasher/oauth-example
Version 4.x should not be hard-breaking, however, there were many improvements and fixes that may be incompatible with specific behaviour in <= 3.x
For more info, please read the changelog or open an issue, if you think something is unexpectedly not working.
This project supports the node versions along the NodeJS LTS releases, focusing on
- Maintenance LTS
- Active LTS
- Current
Please read our contribution guide before taking actions. In any case, please open an issue before opening a pull request to find out whether your intended contribution will actually have a chance to be merged.