restify-oauth2-cc

OAuth 2 client credentials flow endpoint for restify

npm install restify-oauth2-cc
8 downloads in the last week
56 downloads in the last month

Restify OAuth2 (cc only)

A fork of restify-oauth2 that removes the Resource Owner Password Credentials support and makes authentication token generation a GET rather than a POST request.

Unit Tests

npm test

Runs all the unit and integration tests. All tests from the original repository pass after the modifications listed below.

Modifications

The following list indicates the differences with the initial implementation.

  • Token generation is performed with a GET rather than POST request.
  • Removed support for the request body and grant_type field.
  • tokenEndpoint option renamed to endpoint.
  • wwwAuthenticateRealm option renamed to realm.
  • tokenExpirationTime option renamed to expires.
  • Remove dependency on underscore.
  • Remove oauth2-token link messages.
  • Rename clientId to user.
  • Change various messages to be more professional.
  • Make error output consistent with restify error output.

Documentation is available at the original repository.

Configuration

var restify = require("restify");
var oauth2 = require("restify-oauth2-cc");
var server = restify.createServer({ name: "Web Services", version: "1.0.0" });
server.use(restify.authorizationParser());
oauth2.cc(server, options);

Notes

  • Unlike the original implementation the restify body parser is not required to use this package.
  • The user fields name was chosen as it is more consistent with other parts of our real-world application that use express and passport. In addition, in a real application you typically want to assign a complex object (user model) to the request object rather than an identifier, therefore user is probably more semantically correct.
npm loves you