Token redelegation and chaining exchange for OAuth2orize.
This exchange is used by a resource server to exchange an access token it has received from a client for a derivative token for use with another resource server. This scenario facilitates service chaining, in which one service needs to communicate with another service in order to fulfill the original request.
$ npm install oauth2orize-redelegate
Register the exchange with a Server instance and implement the issue callback:
var redelegate = require('oauth2orize-redelegate').exchange.redelegate;

server.exchange('urn:ietf:params:oauth:grant_type:redelegate', redelegate(function(client, token, scope, done) {
  // TODO:
  // 1. Verify the access token.
  // 2. Ensure that the token is being exchanged by a resource server for which
  //    it is intended.
  // 3. Issue a derivative token with equal or lesser scope, then call
  //    done(null, derivativeToken); call done(null, false) to reject the grant.
}));
This module is implemented based on A Method of Bearer Token Redelegation and Chaining for OAuth 2, draft version 00. As a draft, the specification remains a work-in-progress and is not final. The specification is under discussion within the OAuth Working Group of the IETF. Implementers are encouraged to track the progress of this specification and update implementations as necessary. Furthermore, the implications of relying on non-final specifications should be understood prior to deployment.
Copyright (c) 2014-2017 Jared Hanson <http://jaredhanson.net/>