{"library":"oauth2orize","title":"OAuth2orize - OAuth 2.0 Authorization Server Toolkit","description":"OAuth2orize is a Node.js toolkit designed for implementing OAuth 2.0 authorization servers. It provides a suite of modular middleware functions that allow developers to construct a server supporting various OAuth 2.0 grant types, such as authorization code, implicit, password, and client credentials, along with refresh token functionality. The library, currently at stable version 1.12.0, integrates seamlessly with Passport.js for user authentication, acting primarily as the authorization layer. Its architecture requires application-specific route handlers and persistent storage for clients, authorization codes, and access tokens, which are not provided out-of-the-box. Due to its long-standing stability and minimal recent updates (last published 2 years ago), it operates under a maintenance release cadence, indicating it's a mature project rather than one undergoing active feature development. 
A key differentiator is its highly pluggable middleware design, allowing granular control over the OAuth flow, though this also means more boilerplate compared to opinionated, full-stack solutions.","language":"javascript","status":"maintenance","last_verified":"Sun Apr 19","install":{"commands":["npm install oauth2orize"],"cli":null},"imports":["const oauth2orize = require('oauth2orize');\nconst server = oauth2orize.createServer();","const oauth2orize = require('oauth2orize');\nserver.grant(oauth2orize.grant.code(...));","const oauth2orize = require('oauth2orize');\nserver.exchange(oauth2orize.exchange.code(...));"],"auth":{"required":false,"env_vars":[]},"quickstart":{"code":"const crypto = require('crypto');\nconst express = require('express');\nconst oauth2orize = require('oauth2orize');\nconst passport = require('passport');\nconst BasicStrategy = require('passport-http').BasicStrategy;\n\n// Mock database/storage for demonstration\nconst db = {\n  clients: [{ id: 'client1', secret: 'secret1', redirectUri: 'http://localhost:3000/auth/example/callback' }],\n  users: [{ id: 'user1', username: 'testuser', password: 'password' }],\n  authorizationCodes: [],\n  accessTokens: []\n};\n\n// Mock utility for UID generation. Uses the CSPRNG: Math.random() is predictable\n// and its base-36 string is far shorter than the 256 characters requested for tokens.\nconst utils = {\n  uid: (len) => crypto.randomBytes(len).toString('hex').substring(0, len)\n};\n\nconst app = express();\napp.use(express.urlencoded({ extended: true })); // For parsing x-www-form-urlencoded\napp.use(express.json()); // For parsing application/json\napp.use(require('express-session')({ secret: 'keyboard cat', resave: false, saveUninitialized: false }));\napp.use(passport.initialize());\napp.use(passport.session());\n\n// Passport setup (simplified for example)\npassport.use(new BasicStrategy(function(username, password, done) {\n  const user = db.users.find(u => u.username === username && u.password === password);\n  if (!user) { return done(null, false); }\n  return done(null, user);\n}));\n\npassport.serializeUser(function(user, done) { done(null, user.id); 
});\npassport.deserializeUser(function(id, done) {\n  const user = db.users.find(u => u.id === id);\n  done(null, user);\n});\n\n// Create OAuth 2.0 server\nconst server = oauth2orize.createServer();\n\n// Client (de)serialization: required so the authorization transaction can be stored in the session\nserver.serializeClient(function(client, done) { done(null, client.id); });\nserver.deserializeClient(function(id, done) {\n  const client = db.clients.find(c => c.id === id);\n  done(null, client || false);\n});\n\n// Register authorization code grant type\nserver.grant(oauth2orize.grant.code(function(client, redirectURI, user, ares, done) {\n  const code = utils.uid(16);\n  // Bind the code to the client and to the redirect URI it was issued for\n  db.authorizationCodes.push({ code, clientId: client.id, redirectUri: redirectURI, userId: user.id, scope: ares.scope });\n  done(null, code);\n}));\n\n// Register authorization code exchange type\nserver.exchange(oauth2orize.exchange.code(function(client, code, redirectURI, done) {\n  const authCode = db.authorizationCodes.find(ac => ac.code === code && ac.clientId === client.id && ac.redirectUri === redirectURI);\n  if (!authCode) { return done(null, false); }\n  // Remove code after use (one-time use)\n  db.authorizationCodes = db.authorizationCodes.filter(ac => ac.code !== code);\n\n  const token = utils.uid(256);\n  db.accessTokens.push({ token, userId: authCode.userId, clientId: authCode.clientId, scope: authCode.scope });\n  done(null, token);\n}));\n\n// Authorization endpoint\napp.get('/dialog/authorize',\n  passport.authenticate('session'), // Ensure user is logged in via Passport session\n  server.authorize(function(clientId, redirectURI, done) {\n    const client = db.clients.find(c => c.id === clientId);\n    if (!client) { return done(null, false); }\n    if (client.redirectUri !== redirectURI) { return done(new Error('Invalid redirect URI'), false); }\n    done(null, client, client.redirectUri);\n  }),\n  function(req, res) {\n    // Render a consent dialog\n    res.send(`\n      <h1>Authorize ${req.oauth2.client.id} to access your account?</h1>\n      <form action=\"/dialog/authorize/decision\" method=\"POST\">\n        <input type=\"hidden\" name=\"transaction_id\" value=\"${req.oauth2.transactionID}\">\n        <input type=\"submit\" value=\"Allow\" name=\"allow\">\n        <input type=\"submit\" 
value=\"Deny\" name=\"deny\">\n      </form>\n    `);\n  }\n);\n\n// Decision endpoint\napp.post('/dialog/authorize/decision',\n  passport.authenticate('session'),\n  server.decision()\n);\n\n// Token endpoint\napp.post('/oauth/token',\n  passport.authenticate(['basic', 'oauth2-client-password'], { session: false }),\n  server.token(),\n  server.errorHandler()\n);\n\napp.listen(3000, () => console.log('OAuth2orize server listening on port 3000'));","lang":"javascript","description":"Demonstrates a basic OAuth 2.0 authorization server setup using `oauth2orize` with Express and Passport, including authorization code grant and exchange. It includes mocked storage for clients, users, authorization codes, and access tokens to be runnable.","tag":null,"tag_description":null,"last_tested":null,"results":[]},"compatibility":null}