
t-oauth2-provider

v0.0.3

Published

Provide a base class for customizable oauth2 provider

Downloads

12

Readme

oauth2-provider

Provide a base class for OAuth2 Provider

Supported Grant Types

  1. authorization code
  2. implicit
  3. user password
  4. client password

Setup

Assuming you have already instantiated a provider from my base class, you need to listen on the following 3 paths in your app:

  app.get "/dialog/authorize", provider.authorization()
  app.post "/dialog/authorize/decision", provider.decision()
  app.post "/oauth/token", provider.token()

For protected resources, you need to add a passport middleware so that bearer tokens are checked before your API processes the request:

  api.use '/', passport.authenticate "bearer", session:false

Note: your path names can be different; however, I will use the above names in this guide.


How to use

Client Password

The Client Password grant type is used when the consumer needs to make API calls to protected resources as an application, not as a resource owner. It's useful, for example, to get the total number of online users (which is not related to any particular user).

To use the client password grant type, the consumer code needs to do a POST to {hostname}/oauth/token

  body = {
    grant_type: 'client_credentials'
    client_id: client.clientId
    client_secret: client.clientSecret
    scope: '*'
  }

  request.post '{hostname}/oauth/token', {json:true, body}, (err, res, code)->
    res.statusCode.should.equal 200
    code.access_token.should.be.a 'string'
    code.token_type.should.equal 'Bearer'
    done()

The consumer should receive a JSON object with the following format:

  {
    "token_type": "Bearer",
    "access_token": "<your access token>"
  }

From now on, your consumer can call protected resources by adding a header to each request:

  Authorization: Bearer <your access token>

Note: It's important to set json:true because the endpoint expects an application/json request content-type.

How it works:

1. validation step

When a POST to /oauth/token is made, the provider verifies the client credentials by calling provider.validateClient(clientId, clientSecret, done), which asynchronously returns the client object or false, depending on the validity of the input, via done (an err-first Node-style callback).

2. token issue step

If the credentials are valid, the request is logged in as the given client and the next middleware is called, where the access token is actually issued. In this step, provider.exchangeClientCredentialsForToken(client, scope, done) is called with the validated client and the requested scope. You have to asynchronously return a new token as a string via done (also an err-first Node-style callback).
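
One way to write the two hooks described above, as an added example in plain JavaScript that is not code from this package. The in-memory stores, the sample client, the scope policy, the token lifetime and the findToken helper are assumptions of the example; the callbacks are invoked synchronously only because the stores are in memory.

```javascript
const crypto = require('node:crypto');

const sha256 = (s) => crypto.createHash('sha256').update(String(s)).digest();

// Constructed in-memory stores; a real deployment would use a database.
// Client secrets are assumed to be random, high-entropy values, so only a
// SHA-256 digest of each secret is kept.
const clients = new Map([
  ['reporting-service', {
    clientId: 'reporting-service',
    secretHash: sha256('constructed-secret'),
    allowedScopes: ['stats:read'],
  }],
]);
const tokens = new Map(); // hex sha256(token) -> { clientId, scope, expiresAt }
const TOKEN_TTL_MS = 60 * 60 * 1000; // assumed lifetime: one hour

// Same signature as provider.validateClient on the page.
function validateClient(clientId, clientSecret, done) {
  const client = clients.get(String(clientId));
  // Compare fixed-length digests in constant time; an unknown client id is
  // compared against a dummy digest so both failure paths do the same work.
  const expected = client ? client.secretHash : sha256('');
  const ok = crypto.timingSafeEqual(sha256(clientSecret), expected);
  done(null, client && ok ? client : false);
}

// Same signature as provider.exchangeClientCredentialsForToken on the page.
function exchangeClientCredentialsForToken(client, scope, done) {
  // Accept only scopes registered for this client (string or array input);
  // refusing '*' is this example's policy, not behaviour of the package.
  const requested = [].concat(scope || []).join(' ').split(/\s+/).filter(Boolean);
  if (!requested.length || !requested.every((s) => client.allowedScopes.includes(s))) {
    return done(new Error('invalid_scope'));
  }
  const token = crypto.randomBytes(32).toString('hex'); // 256 bits from the CSPRNG
  // Store only the digest so a leaked token table cannot be replayed.
  const expiresAt = Date.now() + TOKEN_TTL_MS;
  tokens.set(sha256(token).toString('hex'), { clientId: client.clientId, scope: requested, expiresAt });
  done(null, token);
}

// Lookup that a bearer-token check could use (hypothetical helper).
function findToken(token) {
  const rec = tokens.get(sha256(token).toString('hex'));
  return rec && rec.expiresAt > Date.now() ? rec : null;
}
```
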