A full featured, secure, standards compliant implementation of an OAuth 2.0 authorization server for Nodejs that utilizes JWT and Proof Key for Code Exchange (PKCE), written in TypeScript.

jasonraimondi/ts-oauth2-server

TypeScript OAuth2.0 Server

@jmondi/oauth2-server is a standards compliant implementation of an OAuth 2.0 authorization server written in TypeScript.

Requires node >= 18. Read the docs

The following RFCs are implemented:

Out of the box it supports the following grants:

Framework support:

The included adapters are just helper functions; any framework should be supported. Take a look at the adapter implementations to learn how you can create custom adapters for your favorite tool!

Usage

An example using the client credentials grant:

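import { AuthorizationServer } from "@jmondi/oauth2-server";
import { handleExpressError, handleExpressResponse } from "@jmondi/oauth2-server/express";

// clientRepository, accessTokenRepository and scopeRepository are your own
// implementations of the library's repository interfaces; app is your Express app.
const authorizationServer = new AuthorizationServer(
  clientRepository,
  accessTokenRepository,
  scopeRepository,
  "secret-key", // JWT signing secret; placeholder value, load the real one from configuration
);
authorizationServer.enableGrantType("client_credentials");

// Token endpoint: issues access tokens for the enabled grant types.
app.post("/token", async (req: Express.Request, res: Express.Response) => {
  try {
    const oauthResponse = await authorizationServer.respondToAccessTokenRequest(req);
    return handleExpressResponse(res, oauthResponse);
  } catch (e) {
    handleExpressError(e, res);
  }
});

// Revocation endpoint: revokes a previously issued token.
app.post("/token/revoke", async (req: Express.Request, res: Express.Response) => {
  try {
    const oauthResponse = await authorizationServer.revoke(req);
    return handleExpressResponse(res, oauthResponse);
  } catch (e) {
    handleExpressError(e, res);
  }
});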

Example implementations:

Security

Version Latest Version Security Updates
4.x 🎉 🎉
3.x 🎉 🎉
2.x 🎉

Migration Guide

Thanks

This project is inspired by the PHP League's OAuth2 Server. Check out the PHP League's other packages for some other great PHP projects.
