oauth2-server
This package is an implementation of the package node-oauth2-server for Meteor.
It implements the authorization_code grant type
and works like Facebook's OAuth popup.
Install
meteor add rocketchat:oauth2-server
Implementation
Server implementation
- Initialize the lib
- Add routes to the default router
- Implement an authenticated route
server/oauth2server.js
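// Create the OAuth2 server. The collection names below are the package
// defaults; override them only if they clash with existing collections.
var oauth2server = new OAuth2Server({
  accessTokensCollectionName: 'oauth_access_tokens',
  refreshTokensCollectionName: 'oauth_refresh_tokens',
  clientsCollectionName: 'oauth_clients',
  authCodesCollectionName: 'oauth_auth_codes',
  // Alternatively, pass the collection objects themselves:
  // accessTokensCollection: new Meteor.Collection('custom_oauth_access_tokens'),
  // refreshTokensCollection: new Meteor.Collection('custom_oauth_refresh_tokens'),
  // clientsCollection: new Meteor.Collection('custom_oauth_clients'),
  // authCodesCollection: new Meteor.Collection('custom_oauth_auth_codes'),
  // Turns on the package's logging.
  // NOTE(review): this page does not say what is logged; confirm that tokens
  // and authorization codes are not written to logs before enabling this
  // outside development.
  debug: true
});

// Mount the OAuth express routes ahead of the Meteor routes.
WebApp.rawConnectHandlers.use(oauth2server.app);

// Authenticated route that returns account information for the user the
// access token belongs to. `authorise()` runs first as middleware, and the
// handler reads the user id from `req.user.id`.
oauth2server.routes.get('/account', oauth2server.oauth.authorise(), function(req, res, next) {
  // Fetch only the field that is returned, so other parts of the user
  // document (services, emails, ...) are never loaded by this handler.
  var user = Meteor.users.findOne(req.user.id, { fields: { name: 1 } });

  // The account may have been removed after the token was issued; answer
  // with an error instead of throwing on `user._id`.
  if (!user) {
    res.status(404).send({ error: 'user_not_found' });
    return;
  }

  res.send({
    id: user._id,
    name: user.name
  });
});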
Client/Popup implementation
client/authorize.js
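// Route that renders the authorization popup. The query parameters of the
// request are handed to the template as its data.
FlowRouter.route('/oauth/authorize', {
  action: function(params, queryParams) {
    BlazeLayout.render('authorize', queryParams);
  }
});

// Subscribe to the list of clients the user has already authorized, which
// the auto-accept logic below depends on.
Template.authorize.onCreated(function() {
  this.subscribe('authorizedOAuth');
});

// Expose the Meteor login token so the form can identify the logged-in user
// to the OAuth endpoint. This token is a credential for the user's Meteor
// session: it ends up in a form field, so the popup should be served over
// HTTPS and should not load untrusted scripts.
Template.authorize.helpers({
  getToken: function() {
    return localStorage.getItem('Meteor.loginToken');
  }
});

// Submit the form automatically when the user has already accepted this
// client.
// NOTE(review): this check runs in the browser and is only a convenience;
// confirm that the server validates client_id and redirect_uri against the
// registered client before issuing a code.
Template.authorize.onRendered(function() {
  var template = this;
  var data = template.data;

  template.autorun(function(computation) {
    var user = Meteor.user();
    var authorizedClients = user && user.oauth && user.oauth.authorizedClients;

    if (authorizedClients && authorizedClients.indexOf(data.client_id()) > -1) {
      computation.stop();
      // Click only this template's submit button; a page-wide $('button')
      // would also trigger any other button present in the document.
      template.$('button[type="submit"]').click();
    }
  });
});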
client/authorize.html
<template name="authorize">
  {{#if currentUser}}
    {{!-- The form carries the "hidden" class until the subscriptions are ready. --}}
    <form method="post" action="" role="form" class="{{#unless Template.subscriptionsReady}}hidden{{/unless}}">
      <h2>Authorise</h2>
      <input type="hidden" name="allow" value="yes">
      {{!-- getToken returns the user's Meteor login token, a session credential. --}}
      <input type="hidden" name="token" value="{{getToken}}">
      {{!-- client_id and redirect_uri come from the request's query parameters.
            NOTE(review): confirm the server checks both against the registered client. --}}
      <input type="hidden" name="client_id" value="{{client_id}}">
      <input type="hidden" name="redirect_uri" value="{{redirect_uri}}">
      <input type="hidden" name="response_type" value="code">
      <button type="submit">Authorise</button>
    </form>
    {{#unless Template.subscriptionsReady}}
      loading...
    {{/unless}}
  {{else}}
    {{!-- Not logged in: show the login UI instead of the consent form. --}}
    {{> loginButtons}}
  {{/if}}
</template>
client/style.css
/* Applied to the authorize form while its subscriptions are still loading. */
.hidden {
  display: none;
}