by manjeshpv

Using oauth2-server: 3.0.0-b2 & Supports MongoDB, MySQL, PostgreSQL, MSSQL & SQLite

203 Stars 102 Forks Last release: Not found 19 Commits 0 Releases

Available items

No Items, yet!

The developer of this repository has not created any items for sale yet. Need a bug fixed? Help with integration? A different license? Create a request here:

Node OAuth2 Server Implementation

Please refer this Fully functional OAuth 2.0 Implementation with production example with node-oauth2-server#2.4.0


"oauth2-server": "^3.0.0-b2",


git clone
npm install
npm start or node ./bin/www

Quick Start

The module provides two middlewares, one for authorization and routing, another for error handling, use them as you would any other middleware:

var express = require('express');
var oauthServer = require('oauth2-server');
var Request = oauthServer.Request;
var Response = oauthServer.Response;
var authenticate = require('./components/oauth/authenticate')

var app = express();

app.use(bodyParser.urlencoded({ extended: true }));


// var oauth = new oauthServer({ model: require('./models.js') });

app.all('/oauth/token', function(req,res,next){ var request = new Request(req); var response = new Response(res);

  .then(function(token) {
    // Todo: remove unnecessary values in response
    return res.json(token)
    return res.status( 500).json(err)

});'/authorise', function(req, res){ var request = new Request(req); var response = new Response(res);

return oauth.authorize(request, response).then(function(success) {
  res.status(err.code || 500).json(err)


app.get('/secure', authenticate(), function(req,res){ res.json({message: 'Secure data'}) });

app.get('/me', authenticate(), function(req,res){ res.json({ me: req.user, messsage: 'Authorization success, Without Scopes, Try accessing /profile with profile scope', description: 'Try postman', more: 'pass profile scope while Authorize' }) });

app.get('/profile', authenticate({scope:'profile'}), function(req,res){ res.json({ profile: req.user }) });


After running with node, visting should present you with a json response saying your access token could not be found.

To simulate, Use Postman:


  • Supports authorizationcode, password, refreshtoken, client_credentials and extension (custom) grant types
  • Implicitly supports any form of storage e.g. PostgreSQL, MySQL, Mongo, Redis...
  • Full test suite

Model Specification

See SQL file in


The module requires a model object through which some aspects or storage, retrieval and custom validation are abstracted. The last parameter of all methods is a callback of which the first parameter is always used to indicate an error.

Note: see for a full model example using MySQL.


We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.