Module : oauth2

Module Overview

This module provides inbound and outbound OAuth2 authentication providers. The inbound provider authenticates the provided credentials against an introspection endpoint, and the outbound provider authenticates calls to an external endpoint.

Inbound OAuth2 Provider

The oauth2:InboundOAuth2Provider is an implementation of the auth:InboundAuthProvider interface. It calls an introspection endpoint, validates the token, and performs authentication and authorization.

oauth2:IntrospectionServerConfig introspectionServerConfig = {
    url: "https://localhost:9196/oauth2/token/introspect"
};
oauth2:InboundOAuth2Provider oauth2Provider = new(introspectionServerConfig);
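The introspection exchange that the inbound provider relies on, sketched per RFC 7662 as an added Python example (not code from this module, whose own checks may differ). The function names, the fixed clock value and the sample response bodies are constructed assumptions.

```python
import json
from urllib.parse import urlencode

def build_introspection_body(token, hint="access_token"):
    """Form-encoded POST body from RFC 7662 section 2.1."""
    return urlencode({"token": token, "token_type_hint": hint})

def _is_number(value):
    return isinstance(value, (int, float)) and not isinstance(value, bool)

def evaluate_introspection(raw_json, required_scopes, now):
    """Return (authenticated, reason, granted_scopes) for a response body."""
    try:
        claims = json.loads(raw_json)
    except ValueError:
        return False, "malformed response", set()
    if not isinstance(claims, dict):
        return False, "malformed response", set()
    # "active" is the only required member; fail closed unless it is JSON true.
    if claims.get("active") is not True:
        return False, "token inactive", set()
    # "exp" and "nbf" are optional, but when present they must hold.
    exp, nbf = claims.get("exp"), claims.get("nbf")
    if exp is not None and (not _is_number(exp) or exp <= now):
        return False, "token expired", set()
    if nbf is not None and (not _is_number(nbf) or nbf > now):
        return False, "token not yet valid", set()
    # "scope" is a single space-separated string, not a JSON array.
    scope = claims.get("scope", "")
    granted = set(scope.split()) if isinstance(scope, str) else set()
    missing = sorted(set(required_scopes) - granted)
    if missing:
        return False, "missing scope: " + " ".join(missing), granted
    return True, "ok", granted

# Constructed sample data: fixed clock and response bodies.
NOW = 1700000000
ACTIVE = '{"active": true, "scope": "token-scope1 token-scope2", "exp": 1700003600}'
REVOKED = '{"active": false}'

if __name__ == "__main__":
    print(build_introspection_body("2YotnFZFEjr1zCsicMWpAA"))
    print(evaluate_introspection(ACTIVE, ["token-scope1"], NOW))
    print(evaluate_introspection(REVOKED, ["token-scope1"], NOW))
```

A string such as "true" in the active member is rejected along with false, so a malformed or downgraded response never authenticates a caller.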

Outbound OAuth2 Provider

The oauth2:OutboundOAuth2Provider is an implementation of the auth:OutboundAuthProvider interface. This is used to call an external endpoint with authentication.

Client Credentials Grant Type

oauth2:OutboundOAuth2Provider oauth2Provider1 = new({
    tokenUrl: "https://localhost:9196/oauth2/token",
    clientId: "3MVG9YDQS5WtC11paU2WcQjBB3L",
    clientSecret: "9205371918321623741",
    scopes: ["token-scope1", "token-scope2"]
});

Password Grant Type

oauth2:OutboundOAuth2Provider oauth2Provider5 = new({
    tokenUrl: "https://localhost:9196/oauth2/token/authorize/header",
    username: "johndoe",
    password: "A3ddj3w",
    clientId: "3MVG9YDQS5WtC11paU2WcQjBB3L",
    clientSecret: "9205371918321623741",
    scopes: ["token-scope1", "token-scope2"]
});

Direct Token Mode

oauth2:OutboundOAuth2Provider oauth2Provider13 = new({
    accessToken: "2YotnFZFEjr1zCsicMWpAA",
    refreshConfig: {
        refreshUrl: "https://localhost:9196/oauth2/token/refresh",
        refreshToken: "XlfBs91yquexJqDaKEMzVg==",
        clientId: "3MVG9YDQS5WtC11paU2WcQjBB3L",
        clientSecret: "9205371918321623741",
        scopes: ["token-scope1", "token-scope2"]
    }
});

Records

CachedToken

The `CachedToken` record stores the values received from the authorization/token server so that later requests can use them without requesting tokens again.

ClientCredentialsGrantConfig

The `ClientCredentialsGrantConfig` record can be used to configure the OAuth2 client credentials grant type.

Detail

Record type to hold the details of an error.

DirectTokenConfig

The `DirectTokenConfig` record configures the access token directly.

DirectTokenRefreshConfig

The `DirectTokenRefreshConfig` record passes the configurations for refreshing the access token for the direct token grant type.

IntrospectionServerConfig

Represents introspection server configurations.

PasswordGrantConfig

The `PasswordGrantConfig` record can be used to configure the OAuth2 password grant type.

RefreshConfig

The `RefreshConfig` record can be used to pass the configurations for refreshing the access token of the password grant type.

Objects

InboundOAuth2Provider

Represents the inbound OAuth2 provider, which calls the introspection server and validates the received credentials.

OutboundOAuth2Provider

Represents the outbound OAuth2 provider.

Functions

getScopes

Reads the scope(s) for the user with the given username.

Constants

OAUTH2_ERROR

Represents the OAuth2 error reason.

Errors

Error

Represents the OAuth2 error type with details.