passport-oauth2-password-grant-additional-params

OAuth 2.0 password grant authentication strategy for Passport with additional client information.

Downloads in past

Stats

StarsIssuesVersionUpdatedCreatedSize
passport-oauth2-password-grant-additional-params
001.0.06 years ago6 years agoMinified + gzip package size for passport-oauth2-password-grant-additional-params in KB

Readme

passport-oauth2-password-grant
Build Quality
This module allows authentication through OAuth2 on servers which permit the 'password' grant type. It makes use of the Passport authentication framework to allow easy use by any Express-based application. Like the module on which it is based, passport-oauth2, its functionality is designed to be generic enough for use with any OAuth2-compliant implementation which accepts password grants and can be subclassed for provider-specific functionality, including user profile.

Installation

$ npm install passport-oauth2-password-grant-additional-params

Usage

Generic Configuration

Like passport-oauth2, the token grant endpoint and OAuth2 client ID are passed as options to the strategy constructor. It also requires a verify() callback, which is called when authentication has succeeded and must call the done() callback when it has finished. verify() accepts one of the following prototypes:
function(accessToken, refreshToken, profile, done);
function(accessToken, refreshToken, requestParams, profile, done);
The following demonstrates how to construct and use a PasswordGrantStrategy object:
var PasswordGrantStrategy = require('passport-oauth2-password-grant-additional-params');

passport.use(new PasswordGrantStrategy({
	tokenURL: 'https://www.example.com/oauth2/token',
	clientID: EXAMPLE_CLIENT_ID
},
function(accessToken, refreshToken, profile, done) {
	done(null, profile);
});
Additionally, the passReqToCallback and skipUserProfile options may be used, which function identically to the same options for passport-oauth2.

Authentication

This is accomplished through the use of passport.authenticate() with the password-grant strategy. The username and password to be used for authentication are to be passed to passport.authenticate() as the username and password options, respectively. This may be done as in the following example:
function authenticate() {
	return function(req, res, next) {
		var username = req.body.username;
		var password = req.body.password;
		var clientIp = req.headers['x-forwarded-for'] || req.connection.remoteAddress || req.ip;
		//To get IPv4 address from like "::ffff:1.2.3.4"
		clientIp = clientIp.toString().split(':').slice(-1)[0];
		passport.authenticate('password-grant', {
			username: username,
			password: password,
			additional_args: clientIp // pass additional params here
		})(req, res, next);
	};
}

app.get('/auth/handler', authenticate(), function(req, res) {
	res.redirect('/');
});

User Profile Retrieval

In order to retrieve profile information for the authenticating user, a subclass of PasswordGrantStrategy must be provided which overrides the PasswordGrantStrategy.userProfile() function with prototype userProfile(accessToken, done). done() should be called as done(err, profile), and profile is then passed to the verify() callback provided during configuration.

Related Modules

– OAuth 2.0 authentication strategy, upon which this module is based – Bearer token authentication strategy for APIs

Testing

$ npm install
$ npm test

Credits

from which this module was adapted and upon which this module relies

License

The MIT License