Added authoriation code example.

Author: shrihari-prakash

authorization-code/.eslintrc

@@ -0,0 +1,50 @@
+{
+ "extends": "eslint:recommended",
+ "env": {
+ "node": true,
+ "mocha": true,
+ "es6": true
+ },
+ "parserOptions": {
+ "ecmaVersion": 9,
+ "sourceType": "module",
+ "ecmaFeatures" : {
+ "globalReturn": false,
+ "impliedStrict": true,
+ "jsx": false
+ }
+ },
+ "rules": {
+ "indent": [
+ "error",
+ 2
+ ],
+ "linebreak-style": [
+ "error",
+ "unix"
+ ],
+ "quotes": [
+ "error",
+ "single"
+ ],
+ "semi": [
+ "error",
+ "always"
+ ],
+ "no-var": [
+ "error"
+ ],
+ "prefer-const": ["error", {
+ "destructuring": "any",
+ "ignoreReadBeforeAssign": false
+ }],
+ "no-unused-vars": [
+ "error", 
+ { 
+ "vars": "all",
+ "args": "none",
+ "ignoreRestSiblings": false 
+ }
+ ]
+ }
+}

authorization-code/README.md

@@ -0,0 +1,98 @@
+# Authorization Code Grant Example
+
+## Architecture
+
+The authorization code workflow is described in
+[RFC 6749, section 4.1](https://datatracker.ietf.org/doc/html/rfc6749.html#section-4.1):
+
+```
++----------+
+| Resource |
+| Owner |
+| |
++----------+
+ ^
+ |
+ (B)
++----|-----+ Client Identifier +---------------+
+| -+----(A)-- & Redirection URI ---->| |
+| User- | | Authorization |
+| Agent -+----(B)-- User authenticates --->| Server |
+| | | |
+| -+----(C)-- Authorization Code ---<| |
++-|----|---+ +---------------+
+ | | ^ v
+ (A) (C) | |
+ | | | |
+ ^ v | |
++---------+ | |
+| |>---(D)-- Authorization Code ---------' |
+| Client | & Redirection URI |
+| | |
+| |<---(E)----- Access Token -------------------'
++---------+ (w/ Optional Refresh Token)
+```
+
+### Provider dependencies
+
+- @node-oauth/express-oauth-server (uses @node-oauth/oauth2-server)
+- express
+- body-parser
+
+### Client dependencies
+
+- express
+- ejs
+
+## Installation and usage
+
+Install dependencies in both provider and client directories:
+
+```shell
+$ cd provider && npm install
+$ cd ../client && npm install
+```
+
+Create a `.env` file in the authorization-code directory:
+
+```
+CLIENT_ID=testclient
+CLIENT_SECRET=testsecret
+REDIRECT_URI=http://localhost:3000/callback
+USER_ID=user1
+USERNAME=demo
+PASSWORD=demo
+```
+
+Start the provider (authorization server + resource server):
+
+```shell
+$ cd provider && npm start
+```
+
+Start the client application:
+
+```shell
+$ cd client && npm start
+```
+
+Visit http://localhost:3000 to start the authorization code flow.
+
+## About This Example
+
+This example demonstrates a clear separation between the OAuth2 provider (authorization server + resource server) and the client application. Unlike other examples that might combine both roles in a single application, this example shows:
+
+- **Provider** (port 8080): Acts as both authorization server and resource server
+- **Client** (port 3000): A separate web application that consumes OAuth2 services
+
+This separation makes it easier to understand what the framework supports and what it doesn't.
+
+## Flow
+
+1. User visits the client application at http://localhost:3000
+2. User clicks "Login" to start the authorization flow
+3. User is redirected to the provider's authorization page
+4. User enters credentials and grants authorization
+5. User is redirected back to the client with an authorization code
+6. Client exchanges the code for an access token
+7. Client can now access protected resources using the access token

authorization-code/client/index.js

@@ -0,0 +1,76 @@
+require("dotenv").config({ path: "../.env" });
+const express = require("express");
+const crypto = require("crypto");
+
+const app = express();
+const states = new Map();
+
+app.set("view engine", "ejs");
+app.set("views", "./views");
+app.use(express.static("public"));
+
+const authServer = "http://localhost:8080";
+const clientId = process.env.CLIENT_ID || "testclient";
+const clientSecret = process.env.CLIENT_SECRET || "testsecret";
+const redirectUri =
+ process.env.REDIRECT_URI || "http://localhost:3000/callback";
+
+function generateState() {
+ return crypto.randomBytes(16).toString("hex");
+}
+
+app.use(express.urlencoded({ extended: false }));
+app.use(express.json());
+
+app.get("/", (req, res) => {
+ res.render("index", {
+ authServer: authServer,
+ });
+});
+
+app.get("/login", (req, res) => {
+ const state = generateState();
+ states.set(state, { created: Date.now() });
+
+ res.render("authorize", {
+ client: { id: clientId },
+ redirectUri: redirectUri,
+ scope: "read write",
+ state: state,
+ authServer: authServer,
+ });
+});
+
+app.get("/callback", (req, res) => {
+ const { code, state, error } = req.query;
+
+ if (error) {
+ return res.render("error", {
+ message: `Authorization Error: ${error}`,
+ });
+ }
+
+ if (!states.has(state)) {
+ return res.render("error", {
+ message: "Invalid State: State parameter mismatch",
+ });
+ }
+
+ states.delete(state);
+
+ res.render("callback", {
+ code: code,
+ state: state,
+ authServer: authServer,
+ clientId: clientId,
+ clientSecret: clientSecret,
+ redirectUri: redirectUri,
+ });
+});
+
+app.get("/logout", (req, res) => {
+ res.redirect("/");
+});
+
+app.listen(3000);
+console.debug("[Client]: listens to http://localhost:3000");

authorization-code/client/package.json

@@ -0,0 +1,14 @@
+{
+ "name": "oauth2-authorization-code-client",
+ "version": "1.0.0",
+ "description": "OAuth2 Authorization Code Grant Client Example",
+ "main": "index.js",
+ "scripts": {
+ "start": "node index.js"
+ },
+ "dependencies": {
+ "dotenv": "^16.0.3",
+ "ejs": "^3.1.9",
+ "express": "^4.18.2"
+ }
+}

authorization-code/client/public/styles.css

@@ -0,0 +1,134 @@
+:root {
+ /* Color Variables */
+ --primary-color: #007bff;
+ --secondary-color: #6c757d;
+ --danger-color: #dc3545;
+ --success-color: #28a745;
+ --white: #ffffff;
+
+ /* Background Colors */
+ --light-bg: #f8f9fa;
+ --success-bg: #d4edda;
+ --danger-bg: #f5c6cb;
+
+ /* Border Colors */
+ --light-border: #dee2e6;
+ --success-border: #c3e6cb;
+ --danger-border: #f5c6cb;
+ --input-border: #ddd;
+
+ /* Spacing */
+ --border-radius: 4px;
+ --padding: 10px;
+ --margin: 10px;
+}
+
+body {
+ font-family: Arial, sans-serif;
+ max-width: 800px;
+ margin: 50px auto;
+ padding: var(--padding);
+}
+
+* {
+ box-sizing: border-box;
+}
+
+.button {
+ display: inline-block;
+ padding: var(--padding);
+ margin: var(--margin);
+ text-decoration: none;
+ border-radius: var(--border-radius);
+ cursor: pointer;
+ border: none;
+ font-size: 14px;
+ font-weight: normal;
+ text-align: center;
+ vertical-align: middle;
+}
+
+.primary {
+ background: var(--primary-color);
+ color: var(--white);
+}
+
+.secondary {
+ background: var(--secondary-color);
+ color: var(--white);
+}
+
+.danger {
+ background: var(--danger-color);
+ color: var(--white);
+ border: 1px solid var(--danger-border);
+}
+
+.alert {
+ padding: var(--padding);
+ margin: var(--margin) 0;
+ border-radius: var(--border-radius);
+}
+
+.success {
+ background: var(--success-bg);
+ border: 1px solid var(--success-border);
+}
+
+.info {
+ background: var(--light-bg);
+ padding: var(--padding);
+ border: 1px solid var(--light-border);
+ margin-bottom: var(--margin);
+}
+
+.result {
+ background: var(--light-bg);
+ padding: var(--padding);
+ border: 1px solid var(--light-border);
+ border-radius: var(--border-radius);
+ margin: var(--margin) 0;
+}
+
+.form-group {
+ margin-bottom: var(--margin);
+}
+
+label {
+ display: block;
+ margin-bottom: var(--margin);
+}
+
+input[type="text"],
+input[type="password"] {
+ width: 100%;
+ padding: var(--padding);
+ border: 1px solid var(--input-border);
+ border-radius: var(--border-radius);
+}
+
+.code {
+ background: var(--light-bg);
+ padding: var(--padding);
+ border: 1px solid var(--light-border);
+ font-family: monospace;
+ border-radius: var(--border-radius);
+}
+
+pre {
+ background: var(--light-bg);
+ padding: var(--padding);
+ border: 1px solid var(--light-border);
+ border-radius: var(--border-radius);
+ overflow-x: auto;
+}
+
+.text-center {
+ text-align: center;
+}
+
+.status {
+ padding: var(--padding);
+ border-radius: var(--border-radius);
+ margin: var(--margin) 0;
+}