Module : oauth2
Module Overview
This module provides an inbound and outbound OAuth2 authentication provider, which can be used to authenticate the provided credentials against an introspection endpoint and authenticate with an external endpoint.
Inbound OAuth2 Provider
The oauth2:InboundOAuth2Provider is an implementation of the auth:InboundAuthProvider interface. This calls an introspection endpoint, validates the token, and performs authentication and authorization.
oauth2:IntrospectionServerConfig introspectionServerConfig = {
    url: "https://localhost:9196/oauth2/token/introspect"
};
oauth2:InboundOAuth2Provider oauth2Provider = new(introspectionServerConfig);
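What validating a token against an introspection endpoint involves, sketched in Python as an added example (not the module's own code and not a description of its internals). It follows the RFC 7662 request and response format; the function names and the sample responses are constructed for illustration.

```python
import json
import time
from urllib.parse import urlencode

# Constructed sample responses in the RFC 7662 format (not captured traffic).
ACTIVE = ('{"active": true, "scope": "token-scope1 token-scope2", '
          '"username": "johndoe", "exp": 2000000000}')
INACTIVE = '{"active": false}'


def build_introspection_request(token, token_type_hint="access_token"):
    """Form-encoded POST body sent to the introspection endpoint."""
    return urlencode({"token": token, "token_type_hint": token_type_hint})


def evaluate_introspection_response(body, required_scopes=(), now=None):
    """Return (allowed, granted_scopes, reason) for a response body."""
    now = time.time() if now is None else now
    try:
        claims = json.loads(body)
    except ValueError:
        return False, set(), "response is not JSON"
    # "active" must be the JSON boolean true; a string "true" is rejected.
    if not isinstance(claims, dict) or claims.get("active") is not True:
        return False, set(), "token is not active"
    # "exp" is optional; when present it is seconds since the epoch.
    exp = claims.get("exp")
    if exp is not None:
        if isinstance(exp, bool) or not isinstance(exp, (int, float)):
            return False, set(), "malformed exp"
        if now >= exp:
            return False, set(), "token expired"
    # "scope" is a single space-separated string, not a JSON array.
    scope = claims.get("scope", "")
    granted = set(scope.split()) if isinstance(scope, str) else set()
    missing = set(required_scopes) - granted
    if missing:
        return False, granted, "missing scope: " + " ".join(sorted(missing))
    return True, granted, "ok"


if __name__ == "__main__":
    print(build_introspection_request("2YotnFZFEjr1zCsicMWpAA"))
    print(evaluate_introspection_response(ACTIVE, ["token-scope1"]))
    print(evaluate_introspection_response(INACTIVE))
```

A response is treated as a failure unless `active` is explicitly true, so an unreachable or misbehaving introspection server never results in an accepted token.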
Outbound OAuth2 Provider
The oauth2:OutboundOAuth2Provider is an implementation of the auth:OutboundAuthProvider interface. This is used to call an external endpoint with authentication.
Client Credentials Grant Type
oauth2:OutboundOAuth2Provider oauth2Provider1 = new({
    tokenUrl: "https://localhost:9196/oauth2/token",
    clientId: "3MVG9YDQS5WtC11paU2WcQjBB3L",
    clientSecret: "9205371918321623741",
    scopes: ["token-scope1", "token-scope2"]
});
Password Grant Type
oauth2:OutboundOAuth2Provider oauth2Provider5 = new({
    tokenUrl: "https://localhost:9196/oauth2/token/authorize/header",
    username: "johndoe",
    password: "A3ddj3w",
    clientId: "3MVG9YDQS5WtC11paU2WcQjBB3L",
    clientSecret: "9205371918321623741",
    scopes: ["token-scope1", "token-scope2"]
});
Direct Token Mode
oauth2:OutboundOAuth2Provider oauth2Provider13 = new({
    accessToken: "2YotnFZFEjr1zCsicMWpAA",
    refreshConfig: {
        refreshUrl: "https://localhost:9196/oauth2/token/refresh",
        refreshToken: "XlfBs91yquexJqDaKEMzVg==",
        clientId: "3MVG9YDQS5WtC11paU2WcQjBB3L",
        clientSecret: "9205371918321623741",
        scopes: ["token-scope1", "token-scope2"]
    }
});
CachedToken | The `CachedToken` stores the values received from the authorization/token server so that they can be used for later requests without requesting tokens again. |
ClientCredentialsGrantConfig | The `ClientCredentialsGrantConfig` record can be used to configure the OAuth2 client credentials grant type. |
DirectTokenConfig | The `DirectTokenConfig` record configures the access token directly. |
DirectTokenRefreshConfig | The `DirectTokenRefreshConfig` record passes the configurations for refreshing the access token for the direct token grant type. |
IntrospectionServerConfig | Represents introspection server configurations. |
PasswordGrantConfig | The `PasswordGrantConfig` record can be used to configure the OAuth2 password grant type. |
RefreshConfig | The `RefreshConfig` record can be used to pass the configurations for refreshing the access token of password grant type. |
InboundOAuth2Provider | Represents the inbound OAuth2 provider, which calls the introspection server and validates the received credentials. |
OutboundOAuth2Provider | Represents outbound OAuth2 provider. |
getScopes | Reads the scope(s) for the user with the given username. |
OAUTH2_ERROR | Represents the OAuth2 error reason. |
Error | Represents the OAuth2 error type with details. |