
This example demonstrates how to implement the OAuth2 framework. It was created to help the Vietnam team implement OAuth2 with CryptoBadge. To run the example, clone or download the git repository:

```bash
git clone http://git.baikal.io/bombkyu/login-with-cryptobadge-express-oauth2
```

/server represents the OAuth2 authorization server (CryptoBadge or CryptoPass) and the resource server (the CryptoBadge GraphQL API).

```bash
npm i
npm start
```

/client represents the OAuth2 client (Vingle).

```bash
npm i
npm start
```

The /server and /client processes listen on ports 4000 and 3002, respectively. Each step below is annotated with what it means from an OAuth2 point of view.

| OAuth2 terminology   | As is          | To be                         |
|----------------------|----------------|-------------------------------|
| Resource owner       | You            | CryptoBadge user              |
| Authorization server | localhost:4000 | cryptobadge.app or CryptoPass |
| Resource server      | localhost:4000 | api.cryptobadge.app           |
| Client               | localhost:3002 | vingle.net                    |
  • Visit http://localhost:3002/
    • The resource owner visits the client.
  • Click the 'Login with CryptoBadge' button.
    • The resource owner is redirected to the authorization server.
  • Enter the username and password given in the hint.
    • The resource owner signs in to the authorization server.
  • Approve 'Vingle' by clicking the 'Allow' button.
    • The resource owner reads which resources the client is asking for (the scope) and decides whether to authorize it.
  • You are returned to http://localhost:3002/success
    • If the resource owner authorizes the request, the authorization server redirects back to the client with an authorization code.
    • The client exchanges the code for a token response containing an access token and a refresh token, and stores them.
  • Click 'Check your info'
    • The client's web front end sends a request carrying the access token.
    • The resource server authenticates the request by the attached access token and returns the email if it belongs to the resource owner, or null if it does not.

To analyze the flow, focus on /server/index.js and /client/index.js.


How to refresh a token

A confidential client authenticates to the token endpoint with its client_secret. A public client cannot keep a secret, so it sends only its client_id together with the refresh token.

confidential client

```bash
curl -X POST -H 'Content-Type: application/x-www-form-urlencoded' \
  -d 'grant_type=refresh_token&client_id=1b0fbe1836d2133ba3c3d3475b3bad9acae57ff6&client_secret=68529ae2c23361ebd5f4946f09c1cf36f44bb580&refresh_token=046b64c4992ebcd2528e54abb5f1fd373ecc505a' \
  http://localhost:4000/oauth2/token
```

public client

```bash
curl -X POST -H 'Content-Type: application/x-www-form-urlencoded' \
  -d 'grant_type=refresh_token&client_id=6123bbbf9687fa95b97836a55a3b262416b9abc4&refresh_token=db03698e15e6c53c1c234d032cbb3c6811e4519b' \
  http://localhost:4000/oauth2/token
```