oauth2orize-chain

Chained token exchange for OAuth2orize.

This exchange is used by a protected service to exchange a token it receives from a client for a token it can use to access another protected service, potentially within a different security domain. This scenario facilitiates service chaining, in which one service needs to communicate with another service in order to fulfill the original request.

Install

$ npm install oauth2orize-chain

Usage

Register Exchange

Register the exchange with a Server instance and implement the issue callback:

var chain = require('oauth2orize-chain').exchange.chain;
 
server.exchange('http://oauth.net/grant_type/chain', chain(function(client, token, scope, done) {
  // TODO:
  // 1. Verify the access token.
  // 2. Ensure that the token is being exchanged by a resource server for which
  //    it is intended.
  // 3. Issue a chained access token.
});

Considerations

Specification

This module is implemented based on Chain Grant Type for OAuth2, draft version 01. As a draft, the specification remains a work-in-progress and is not final. The specification is under discussion within the OAuth Working Group of the IETF. Implementers are encouraged to track the progress of this specification and update implementations as necessary. Furthermore, the implications of relying on non-final specifications should be understood prior to deployment.

License

The MIT License

Copyright (c) 2014-2017 Jared Hanson <http://jaredhanson.net/>