Commit 845b2b7

Support 'refresh_token' grant type
Fix #4, fix #7.
1 parent 88ec2c9 commit 845b2b7

2 files changed

+101
-8
lines changed


README.md

Lines changed: 59 additions & 6 deletions
@@ -10,7 +10,7 @@ Install **nodejs** and **npm** and then, simply run `npm install` and `npm start
1010

1111
## Usage
1212

13-
You can use different grant types to get an access token. By now, `password`and `client_credentials` are available.
13+
You can use different grant types to get an access token. By now, `password`, `client_credentials`and `refresh_token` are available.
1414

1515
### Checking example data
1616

@@ -19,7 +19,7 @@ You can use different grant types to get an access token. By now, `password` and
1919
There is one client added to server and ready to work:
2020

2121
* **clientId**: `application`
22-
* **secret**: `secret`
22+
* **clientSecret**: `secret`
2323

2424
And there is also one existing user:
2525

@@ -31,10 +31,19 @@ And there is also one existing user:
3131
There is one confidential client added to server and ready to work:
3232

3333
* **clientId**: `confidentialApplication`
34-
* **secret**: `topSecret`
34+
* **clientSecret**: `topSecret`
3535

3636
You don't need any user to use this grant type, but for security is only available to confidential clients.
3737

38+
#### With *refresh_token* grant
39+
40+
There is one client added to server and ready to work:
41+
42+
* **clientId**: `application`
43+
* **clientSecret**: `secret`
44+
45+
You don't need any user to use this grant type, it was already provided when original token was obtained (by *password* grant type, for example).
46+
3847
### Obtaining a token
3948

4049
To obtain a token you should POST to `http://localhost:3000/oauth/token`.
@@ -44,7 +53,7 @@ To obtain a token you should POST to `http://localhost:3000/oauth/token`.
4453
You need to include the client credentials in request headers and the user credentials and grant type in request body:
4554

4655
* **Headers**
47-
* **Authorization**: `"Basic " + clientId:secret base64'd`
56+
* **Authorization**: `"Basic " + clientId:clientSecret base64'd`
4857
* (for example, to use `application:secret`, you should send `Basic YXBwbGljYXRpb246c2VjcmV0`)
4958

5059
* **Content-Type**: `application/x-www-form-urlencoded`
@@ -84,7 +93,7 @@ If all goes as planned, you should receive a response like this:
8493
You need to include the client credentials in request headers and the grant type in request body:
8594

8695
* **Headers**
87-
* **Authorization**: `"Basic " + clientId:secret base64'd`
96+
* **Authorization**: `"Basic " + clientId:clientSecret base64'd`
8897
* (for example, to use `confidentialApplication:topSecret`, you should send `Basic Y29uZmlkZW50aWFsQXBwbGljYXRpb246dG9wU2VjcmV0`)
8998

9099
* **Content-Type**: `application/x-www-form-urlencoded`
@@ -114,12 +123,56 @@ If all goes as planned, you should receive a response like this:
114123
}
115124
```
116125

126+
#### With *refresh_token* grant
127+
128+
When obtaining an access token using *password* grant, you get also a refresh token.
129+
With this token you can get a new access token, using only that value (username and password are not needed), while it has not been expired.
130+
131+
> Remember that, if you refresh a token while it was still valid, the old access and refresh tokens get revoked, and only the new access and refresh tokens are valid to be used.
132+
133+
You need to include the client credentials in request headers and the refresh token and grant type in request body:
134+
135+
* **Headers**
136+
* **Authorization**: `"Basic " + clientId:clientSecret base64'd`
137+
* (for example, to use `application:secret`, you should send `Basic YXBwbGljYXRpb246c2VjcmV0`)
138+
139+
* **Content-Type**: `application/x-www-form-urlencoded`
140+
* **Body**
141+
* `grant_type=refresh_token&refresh_token=67c8300ad53efa493c2278acf12d92bdb71832f9`
142+
* (contains 2 parameters: `grant_type` and `refresh_token`)
143+
144+
For example, using `curl`:
145+
```
146+
curl http://localhost:3000/oauth/token \
147+
-d "grant_type=refresh_token" \
148+
-d "refresh_token=67c8300ad53efa493c2278acf12d92bdb71832f9" \
149+
-H "Authorization: Basic YXBwbGljYXRpb246c2VjcmV0" \
150+
-H "Content-Type: application/x-www-form-urlencoded"
151+
```
152+
153+
If all goes as planned, you should receive a response like this:
154+
155+
```
156+
{
157+
"accessToken": "17be4ee45b177651db3fd9d286042de75d48eb3b",
158+
"accessTokenExpiresAt": "2018年11月18日T16:18:35.248Z",
159+
"refreshToken": "37eaff895c8fc9fc839c0098cf3fb01858097908",
160+
"refreshTokenExpiresAt": "2018年12月02日T15:18:35.248Z",
161+
"client": {
162+
"id": "application"
163+
},
164+
"user": {
165+
"id": "pedroetb"
166+
}
167+
}
168+
```
169+
117170
### Using the token
118171

119172
Now, you can use your brand-new token to access restricted areas. For example, you can GET to `http://localhost:3000/` including your token at headers:
120173

121174
* **Headers**
122-
* **Authorization**: `"Bearer " + access_token`
175+
* **Authorization**: `"Bearer " + accessToken`
123176
* (for example, `Bearer 951d6f603c2ce322c5def00ce58952ed2d096a72`)
124177

125178
For example, using `curl`:

model.js

Lines changed: 42 additions & 2 deletions
@@ -4,10 +4,12 @@
44

55
var config = {
66
clients: [{
7+
id: 'application', // TODO: Needed by refresh_token grant, because there is a bug at line 103 in https://github.com/oauthjs/node-oauth2-server/blob/v3.0.1/lib/grant-types/refresh-token-grant-type.js (used client.id instead of client.clientId)
78
clientId: 'application',
89
clientSecret: 'secret',
910
grants: [
10-
'password'
11+
'password',
12+
'refresh_token'
1113
],
1214
redirectUris: []
1315
}],
@@ -111,6 +113,42 @@ var getUserFromClient = function(client) {
111113
return clients[0];
112114
};
113115

116+
/*
117+
* Methods used only by refresh_token grant type.
118+
*/
119+
120+
var getRefreshToken = function(refreshToken) {
121+
122+
var tokens = config.tokens.filter(function(savedToken) {
123+
124+
return savedToken.refreshToken === refreshToken;
125+
});
126+
127+
if (!tokens.length) {
128+
return;
129+
}
130+
131+
var token = Object.assign({}, tokens[0]);
132+
token.user.username = token.user.id;
133+
134+
return token;
135+
};
136+
137+
var revokeToken = function(token) {
138+
139+
config.tokens = config.tokens.filter(function(savedToken) {
140+
141+
return savedToken.refreshToken !== token.refreshToken;
142+
});
143+
144+
var revokedTokensFound = config.tokens.filter(function(savedToken) {
145+
146+
return savedToken.refreshToken === token.refreshToken;
147+
});
148+
149+
return !revokedTokensFound.length;
150+
};
151+
114152
/**
115153
* Export model definition object.
116154
*/
@@ -120,5 +158,7 @@ module.exports = {
120158
getClient: getClient,
121159
saveToken: saveToken,
122160
getUser: getUser,
123-
getUserFromClient: getUserFromClient
161+
getUserFromClient: getUserFromClient,
162+
getRefreshToken: getRefreshToken,
163+
revokeToken: revokeToken
124164
};
