Skip to content

Latest commit

 

History

History
46 lines (31 loc) · 1.57 KB

File metadata and controls

46 lines (31 loc) · 1.57 KB

oauth2orize_resource_owner_password_example

This is an example of the oAuth resource owner password flow using oauth2orize, express 4 and mongoDB.

Installation
git clone https://github.com/reneweb/oauth2orize_resource_owner_password_example.git
npm install
node app.js

Note: You may need to change the database configuration in the db.js file, if mongoDB doesn't run using the default port or is not running on localhost.

Usage (with cURL)
0 - Create a client

First of all you need to create a client in the clients collection, for example, with the mongo shell. The client should have a clientId, a clientSecret and it should be a trustedClient. For example: {"clientId" : "test", "clientSecret" : "secret", "trustedClient" : true}

1 - Register a user
curl -v -H "Content-Type: application/json" -X POST <IP>:<PORT>/users -d '{"username": "<username>", "password": "<password>"}'
2 - Get an access token
curl -v -H "Content-Type: application/json" -X POST <IP>:<PORT>/oauth/token -u <clientId>:<clientSecret> -d '{"username": "<username>", "password": "<password>", "grant_type": "password"}'
3 - Access a restricted resource using the access token
curl -X GET <IP>:<PORT>/restricted -v -H "Authorization: Bearer <accessToken>"
4 - Get a new access token using the refresh token
curl -X POST <IP>:<PORT>/oauth/token -u <clientId>:<clientSecret> -v -H "Content-Type: application/json" -d '{"grant_type": "refresh_token", "refresh_token": "<refreshToken>"}'