Repository files navigation

OAuth 2.0 client password authentication strategy forPassport.

This module lets you authenticate requests containing client credentials in therequest body, asdefinedby the OAuth 2.0 specification. These credentials are typically used protectthe token endpoint and used as an alternative to HTTP Basic authentication.

^{Advertisement}
Node.js API Masterclass With Express & MongoDB
Create a real world backend for a bootcamp directory app

...

$ npm install passport-oauth2-client-password

The OAuth 2.0 client password authentication strategy authenticates clientsusing a client ID and client secret. The strategy requires averify callback,which accepts those credentials and callsdone providing a client.

passport.use(newClientPasswordStrategy(function(clientId,clientSecret,done){Clients.findOne({clientId:clientId},function(err,client){if(err){returndone(err);}if(!client){returndone(null,false);}if(client.clientSecret!=clientSecret){returndone(null,false);}returndone(null,client);});}));

Usepassport.authenticate(), specifying the'oauth2-client-password'strategy, to authenticate requests. This strategy is typically used incombination with HTTP Basic authentication (as provided bypassport-http),allowing clients to include credentials in the request body.

For example, as route middleware in anExpressapplication, usingOAuth2orizemiddleware to implement the token endpoint:

app.get('/profile',   passport.authenticate(['basic', 'oauth2-client-password'], { session: false }),  oauth2orize.token());

Theexampleincluded withOAuth2orizedemonstrates how to implement a complete OAuth 2.0 authorization server.ClientPasswordStrategy is used to authenticate clients as they request accesstokens from the token endpoint.

$ npm install --dev$ maketest

• Jared Hanson

The MIT License

Copyright (c) 2012-2013 Jared Hanson <http://jaredhanson.net/>