https://deno.land/x/oauth2_dance
Implementation of OAuth2 Authorization Code Grant w/PKCE using Deno
- RFC 6749 - OAuth2 Authorization Code Grant, section 4.1
- RFC 7636 - PKCE Code Challenge
This module is a work-in-progress implementation of RFC 6749 and RFC 7636 and will hopefully serve as an entry point when learning about OAuth2. Since we are learning TypeScript, Deno and OAuth2 as we go, expect the code to change frequently!
```
DENO_AUTHORIZE_URL=http://localhost:9001/authorize
DENO_TOKEN_URL=http://localhost:9001/token
DENO_INTROSPECT_URL=http://localhost:9001/introspect
DENO_CLIENT_ID=client1
DENO_CLIENT_SECRET=clientsecret1
DENO_CLIENT_REDIRECT_URL="http://localhost:3000/callback"
DENO_FILE_TOKENS_DB="tokens.db"
```
- Create your `.env` file in the root folder like the one above.
- Start the client, server and resource:

```sh
$ deno run --allow-all --location=http://localhost ./examples/oauth2_client.ts
$ deno run --allow-all --location=http://localhost ./examples/oauth2_server.ts
$ deno run --allow-all --location=http://localhost ./examples/oauth2_resource.ts
```
- Test the protected resource with the issued token:

```sh
$ curl -H 'Authorization: Bearer <TOKEN>' http://localhost:7000/protected
```
- Note: in this setup your `.env` needs the line `DENO_TOKEN_URL=http://server:9001/token`, i.e. `server` instead of `localhost`.
- Optionally, verify the environment-variable replacements with `docker compose config`.
- Build the images and run with docker compose:

```sh
$ ./build-docker.sh
$ docker compose up   # add -d to run detached
```
- Visit http://localhost:3000/authme
- Test the protected resource with the issued token:

```sh
$ curl -H 'Authorization: Bearer <TOKEN>' http://localhost:7000/protected
```
Output logged:

```
oa2client | Client listening on :3000
oa2server | Authorization server listening on :9001
oa2resource | Protected resource listening on :7000
oa2client | GET http://localhost:3000/authme
oa2server | GET http://localhost:9001/authorize?response_type=code&client_id=oauth-client-1&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fcallback&state=X1GCu7df&scope=foo&code_challenge=%2FREQgseA8M5EMoMON6TfYQzQ%2FxxxSloFBYnNHAVnjS4%3D&code_challenge_method=S256
oa2server | POST http://localhost:9001/approve
oa2server | TOKENDB hcYb8Ew40vYaD20usTg87t8H, 2021-10-11 15:16:14
oa2server | POST http://server:9001/token
oa2client | TOKEN Take The Token: {"access_token":"hcYb8Ew40vYaD20usTg87t8H","token_type":"Bearer","expires_in":600}
oa2client | GET http://localhost:3000/callback?code=ttdzwd3Bv4ik&state=X1GCu7df
oa2resource | GET http://localhost:7000/protected
```
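As an added example (not code from oauth2_dance), the PKCE and `state` handling behind the `/authorize` request logged above: the client derives the S256 `code_challenge` from a fresh `code_verifier`, the `/callback` accepts only a `state` it issued and consumes it once, and the `/token` endpoint recomputes the challenge from the presented verifier and compares it in constant time. It assumes `node:crypto` (available in Deno through its Node compatibility layer) and an in-memory pending-request store; the function names are mine.

```typescript
import { createHash, randomBytes, timingSafeEqual } from "node:crypto";

// base64url without padding, as RFC 7636 Appendix A specifies.
export function base64url(bytes: Uint8Array): string {
  return btoa(String.fromCharCode(...bytes))
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// Client: code_challenge = BASE64URL(SHA256(ASCII(code_verifier))) (RFC 7636 4.2).
export function codeChallengeS256(verifier: string): string {
  return base64url(createHash("sha256").update(verifier).digest());
}

// Client: one pending authorization per state value (assumed in-memory store: state -> code_verifier).
const pending = new Map<string, string>();

export function buildAuthorizeUrl(authorizeUrl: string, clientId: string, redirectUri: string, scope: string): string {
  const state = base64url(randomBytes(12));        // unguessable, bound to this browser session
  const verifier = base64url(randomBytes(32));     // 32 octets -> 43-character code_verifier
  pending.set(state, verifier);
  const url = new URL(authorizeUrl);
  url.search = new URLSearchParams({
    response_type: "code", client_id: clientId, redirect_uri: redirectUri, scope, state,
    code_challenge: codeChallengeS256(verifier), code_challenge_method: "S256",
  }).toString();
  return url.toString();
}

// Client /callback: accept only a state we issued, and consume it so a replayed callback is rejected.
export function takeVerifierForCallback(callbackUrl: string): string | null {
  const state = new URL(callbackUrl).searchParams.get("state");
  const verifier = state === null ? undefined : pending.get(state);
  if (state === null || verifier === undefined) return null;
  pending.delete(state);
  return verifier;
}

// Server /token: recompute the challenge stored with the code and compare in constant time.
export function verifyPkce(storedChallenge: string, method: string, verifier: string): boolean {
  if (method !== "S256") return false;                           // refuse the weaker "plain" method
  if (!/^[A-Za-z0-9\-._~]{43,128}$/.test(verifier)) return false; // RFC 7636 4.1 alphabet and length
  const enc = new TextEncoder();
  const a = enc.encode(codeChallengeS256(verifier));
  const b = enc.encode(storedChallenge);
  return a.length === b.length && timingSafeEqual(a, b);
}
```

The verifier/challenge pair from RFC 7636 Appendix B is a handy fixed check for `codeChallengeS256` when wiring this into the server.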