How to use oauth2orize - 10 common examples
To help you get started, we’ve selected a few oauth2orize examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
node-red / node-red / packages / node_modules / @node-red / editor-api / lib / auth / index.js View on Github 
var strategies = require("./strategies");
var Tokens = require("./tokens");
var Users = require("./users");
var permissions = require("./permissions");
var theme = require("../editor/theme");
var settings = null;
var log = require("@node-red/util").log; // TODO: separate module
passport.use(strategies.bearerStrategy.BearerStrategy);
passport.use(strategies.clientPasswordStrategy.ClientPasswordStrategy);
passport.use(strategies.anonymousStrategy);
var server = oauth2orize.createServer();
server.exchange(oauth2orize.exchange.password(strategies.passwordTokenExchange));
function init(_settings,storage) {
settings = _settings;
if (settings.adminAuth) {
var mergedAdminAuth = Object.assign({}, settings.adminAuth, settings.adminAuth.module);
Users.init(mergedAdminAuth);
Tokens.init(mergedAdminAuth,storage);
}
}
/**
* Returns an Express middleware function that ensures the user making a request
* has the necessary permission.
*
* @param {String} permission - the permission required for the request, such as `flows.write`setupMiddleware = function (server) {
var logging = config.logging,
subdir = config.paths.subdir,
corePath = config.paths.corePath,
oauthServer = oauth2orize.createServer();
// silence JSHint without disabling unused check for the whole file
authStrategies = authStrategies;
// Cache express server instance
expressServer = server;
middleware.cacheServer(expressServer);
middleware.cacheOauthServer(oauthServer);
oauth.init(oauthServer, middleware.resetSpamCounter);
// Make sure 'req.secure' is valid for proxied requests
// (X-Forwarded-Proto header will be checked, if present)
expressServer.enable('trust proxy');
// Logging configuration
if (logging !== false) {init: function init() {
oauthServer = oauth2orize.createServer();
// remove all expired accesstokens on startup
models.Accesstoken.destroyAllExpired();
// remove all expired refreshtokens on startup
models.Refreshtoken.destroyAllExpired();
// Exchange user id and password for access tokens. The callback accepts the
// `client`, which is exchanging the user's name and password from the
// authorization request for verification. If these values are validated, the
// application issues an access token on behalf of the user who authorized the code.
oauthServer.exchange(oauth2orize.exchange.password({userProperty: 'client'},
exchangePassword));
// Exchange the refresh token to obtain an access token. The callback accepts the
// `client`, which is exchanging a `refreshToken` previously issued by the server
// for verification. If these values are validated, the application issues aninit: function init() {
oauthServer = oauth2orize.createServer();
// remove all expired accesstokens on startup
models.Accesstoken.destroyAllExpired();
// remove all expired refreshtokens on startup
models.Refreshtoken.destroyAllExpired();
// Exchange user id and password for access tokens. The callback accepts the
// `client`, which is exchanging the user's name and password from the
// authorization request for verification. If these values are validated, the
// application issues an access token on behalf of the user who authorized the code.
oauthServer.exchange(oauth2orize.exchange.password({userProperty: 'client'},
exchangePassword));
// Exchange the refresh token to obtain an access token. The callback accepts the
// `client`, which is exchanging a `refreshToken` previously issued by the server
// for verification. If these values are validated, the application issues aninit: function init() {
oauthServer = oauth2orize.createServer();
// remove all expired accesstokens on startup
models.Accesstoken.destroyAllExpired();
// remove all expired refreshtokens on startup
models.Refreshtoken.destroyAllExpired();
// Exchange user id and password for access tokens. The callback accepts the
// `client`, which is exchanging the user's name and password from the
// authorization request for verification. If these values are validated, the
// application issues an access token on behalf of the user who authorized the code.
oauthServer.exchange(oauth2orize.exchange.password({userProperty: 'client'},
exchangePassword));
// Exchange the refresh token to obtain an access token. The callback accepts the
// `client`, which is exchanging a `refreshToken` previously issued by the server
// for verification. If these values are validated, the application issues aninit: function init() {
oauthServer = oauth2orize.createServer();
// remove all expired accesstokens on startup
models.Accesstoken.destroyAllExpired();
// remove all expired refreshtokens on startup
models.Refreshtoken.destroyAllExpired();
// Exchange user id and password for access tokens. The callback accepts the
// `client`, which is exchanging the user's name and password from the
// authorization request for verification. If these values are validated, the
// application issues an access token on behalf of the user who authorized the code.
oauthServer.exchange(oauth2orize.exchange.password({userProperty: 'client'},
exchangePassword));
// Exchange the refresh token to obtain an access token. The callback accepts the
// `client`, which is exchanging a `refreshToken` previously issued by the server
// for verification. If these values are validated, the application issues an//
// Copyright 2015 Giovanni Campagna
//
// See COPYING for details
const Q = require('q');
const crypto = require('crypto');
const express = require('express');
const passport = require('passport');
const oauth2orize = require('oauth2orize');
const BasicStrategy = require('passport-http').BasicStrategy;
const ClientPasswordStrategy = require('passport-oauth2-client-password').Strategy;
// create OAuth 2.0 server
var server = oauth2orize.createServer();
const model = require('../model/oauth2');
const user = require('../util/user');
const db = require('../util/db');
var router = express.Router();
function makeRandom() {
return crypto.randomBytes(32).toString('hex');
}
// These strategies are used to authenticate oauth2 clients, not
// to authenticate users
function authOAuth2Client(clientId, clientSecret, done) {
db.withClient(function(dbClient) {
return model.getClients(dbClient, clientId).then(function(rows) {var oauth2orize = require('oauth2orize'),
passport = require('passport'),
OAuth2Client = require('../models/oauth2client'),
OAuth2Code = require('../models/oauth2code'),
OAuth2Token = require('../models/oauth2token'),
OAuth2Scope = require('../models/oauth2scope'),
logger = require('../logger.js'),
server = oauth2orize.createServer();
// An application must supply serialization functions, which determine how the
// client object is serialized into the session. Typically this will be a
// simple matter of serializing the client's ID, and deserializing by finding
// the client by ID from the database.
server.serializeClient(function (client, done) {
return done(null, client._id);
});
server.deserializeClient(function (id, done) {
OAuth2Client.findOne({
_id: id
}, function (error, client) {
if (error) {
logger.error('openHAB-cloud: deserializeClient: ' + error);//
// OAuth 2.0 specifies a framework that allows users to grant client
// applications limited access to their protected resources. It does this
// through a process of the user granting access, and the client exchanging
// the grant for an access token.
const config = require('./config');
const db = require('./db');
const login = require('connect-ensure-login');
const oauth2orize = require('oauth2orize');
const passport = require('passport');
const utils = require('./utils');
const validate = require('./validate');
// create OAuth 2.0 server
const server = oauth2orize.createServer();
// Configured expiresIn
const expiresIn = { expires_in : config.token.expiresIn };
/**
* Grant authorization codes
*
* The callback takes the `client` requesting authorization, the `redirectURI`
* (which is used as a verifier in the subsequent exchange), the authenticated
* `user` granting access, and their response, which contains approved scope,
* duration, etc. as parsed by the application. The application issues a code,
* which is bound to these values, and will be exchanged for an access token.
*/
server.grant(oauth2orize.grant.code((client, redirectURI, user, ares, done) => {
const code = utils.createToken({ sub : user.id, exp : config.codeToken.expiresIn });
db.authorizationCodes.save(code, client.id, redirectURI, user.id, client.scope)update: function (token, expirationDate, userId, done) {
AccessTokenModel.update({
userId: userId
}, {
$set: {
token: token,
expirationDate: expirationDate
}
}, done);
}
};
})();
// create OAuth 2.0 server
var server = module.exports.oauth2server = oauth2orize.createServer();
server.serializeClient(function (client, done) {
return done(null, client.id);
});
server.deserializeClient(function (id, done) {
clients.find(id, function (err, client) {
if (err) {
return done(err);
}
return done(null, client);
});
});
server.grant(oauth2orize.grant.code(function (client, redirectUri, user, ares, done) {
var code = crypto.randomBytes(16).toString('hex');oauth2orize
OAuth 2.0 authorization server toolkit for Node.js.
