{"id":23164822,"url":"https://github.com/pedroetb/node-oauth2-server-mongo-example","last_synced_at":"2025-10-23T18:20:48.186Z","repository":{"id":50713442,"uuid":"75987536","full_name":"pedroetb/node-oauth2-server-mongo-example","owner":"pedroetb","description":"Working oauth2 server with mongodb storage and minimal configuration","archived":false,"fork":false,"pushed_at":"2022-12-10T16:34:38.000Z","size":76,"stargazers_count":106,"open_issues_count":4,"forks_count":53,"subscribers_count":5,"default_branch":"master","last_synced_at":"2025-07-13T06:56:33.166Z","etag":null,"topics":["mongodb","mongodb-storage","nodejs","oauth","oauth2","oauth2-server"],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pedroetb.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-12-09T00:46:09.000Z","updated_at":"2025-05-22T02:56:52.000Z","dependencies_parsed_at":"2023-01-26T09:31:33.763Z","dependency_job_id":null,"html_url":"https://github.com/pedroetb/node-oauth2-server-mongo-example","commit_stats":{"total_commits":22,"total_committers":2,"mean_commits":11.0,"dds":"0.045454545454545414","last_synced_commit":"9392dfb351e7536be0bc095d5fd70c7804bfb7d6"},"previous_names":[],"tags_count":7,"template":false,"template_full_name":null,"purl":"pkg:github/pedroetb/node-oauth2-server-mongo-example","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pedroetb%2Fnode-oauth2-server-mongo-example","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pedroetb%2Fnode-oauth2-server-mongo-example/tags","releases_url":"https://repos.ecosyste.ms/api/v1/h
osts/GitHub/repositories/pedroetb%2Fnode-oauth2-server-mongo-example/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pedroetb%2Fnode-oauth2-server-mongo-example/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pedroetb","download_url":"https://codeload.github.com/pedroetb/node-oauth2-server-mongo-example/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pedroetb%2Fnode-oauth2-server-mongo-example/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":270703001,"owners_count":24630991,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-16T02:00:11.002Z","response_time":91,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["mongodb","mongodb-storage","nodejs","oauth","oauth2","oauth2-server"],"created_at":"2024-12-18T01:13:24.566Z","updated_at":"2025-10-23T18:20:48.118Z","avatar_url":"https://github.com/pedroetb.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# node-oauth2-server with MongoDB example\n\nThis is a basic example of an OAuth2 server, using [node-oauth2-server](https://github.com/oauthjs/node-oauth2-server) (version 3.0.1) with MongoDB storage and the minimum (only what is required to work) model configuration.\n\nIf you want a simpler example without MongoDB storage, you should go to 
[node-oauth2-server-example](https://github.com/pedroetb/node-oauth2-server-example) instead.\n\n## Setup\n\nFirst, you should have [MongoDB](https://www.mongodb.com/) installed and running on your machine.\n\nYou also need to install **nodejs** and **npm**, and then simply run `npm install` and `npm start`. The server should now be running at `http://localhost:3000`.\n\n## Usage\n\nYou can use different grant types to get an access token. For now, `password`, `client_credentials` and `refresh_token` are available.\n\n### Checking example data\n\nFirst, you should create some entries in your **MongoDB** database.\n\n\u003e You can call the `loadExampleData` function in `model.js` to create these entries automatically, and the `dump` function to inspect the database content.\n\n#### With *password* grant\n\nYou need to add a client. For example:\n\n* **clientId**: `application`\n* **clientSecret**: `secret`\n\nAnd you have to add a user too. For example:\n\n* **username**: `pedroetb`\n* **password**: `password`\n\n#### With *client_credentials* grant\n\nYou need to add a confidential client. 
For example:\n\n* **clientId**: `confidentialApplication`\n* **clientSecret**: `topSecret`\n\nYou don't need any user to use this grant type, but for security it is only available to confidential clients.\n\n#### With *refresh_token* grant\n\nThere is one client added to the server and ready to work:\n\n* **clientId**: `application`\n* **clientSecret**: `secret`\n\nYou don't need any user to use this grant type; it was already provided when the original token was obtained (by *password* grant type, for example).\n\n### Obtaining a token\n\nTo obtain a token you should POST to `http://localhost:3000/oauth/token`.\n\n#### With *password* grant\n\nYou need to include the client credentials in the request headers and the user credentials and grant type in the request body:\n\n* **Headers**\n\t* **Authorization**: `\"Basic \" + clientId:clientSecret base64'd`\n\t\t* (for example, to use `application:secret`, you should send `Basic YXBwbGljYXRpb246c2VjcmV0`)\n\n\t* **Content-Type**: `application/x-www-form-urlencoded`\n* **Body**\n\t* `grant_type=password\u0026username=pedroetb\u0026password=password`\n\t\t* (contains 3 parameters: `grant_type`, `username` and `password`)\n\nFor example, using `curl`:\n```\ncurl http://localhost:3000/oauth/token \\\n\t-d \"grant_type=password\" \\\n\t-d \"username=pedroetb\" \\\n\t-d \"password=password\" \\\n\t-H \"Authorization: Basic YXBwbGljYXRpb246c2VjcmV0\" \\\n\t-H \"Content-Type: application/x-www-form-urlencoded\"\n```\n\nIf all goes as planned, you should receive a response like this:\n\n```\n{\n\t\"accessToken\": \"951d6f603c2ce322c5def00ce58952ed2d096a72\",\n\t\"accessTokenExpiresAt\": \"2018-11-18T16:18:25.852Z\",\n\t\"refreshToken\": \"67c8300ad53efa493c2278acf12d92bdb71832f9\",\n\t\"refreshTokenExpiresAt\": \"2018-12-02T15:18:25.852Z\",\n\t\"client\": {\n\t\t\"id\": \"application\"\n\t},\n\t\"user\": {\n\t\t\"id\": \"pedroetb\"\n\t}\n}\n```\n\n#### With *client_credentials* grant\n\nYou need to include the client credentials in the request 
headers and the grant type in the request body:\n\n* **Headers**\n\t* **Authorization**: `\"Basic \" + clientId:clientSecret base64'd`\n\t\t* (for example, to use `confidentialApplication:topSecret`, you should send `Basic Y29uZmlkZW50aWFsQXBwbGljYXRpb246dG9wU2VjcmV0`)\n\n\t* **Content-Type**: `application/x-www-form-urlencoded`\n* **Body**\n\t* `grant_type=client_credentials`\n\nFor example, using `curl`:\n```\ncurl http://localhost:3000/oauth/token \\\n\t-d \"grant_type=client_credentials\" \\\n\t-H \"Authorization: Basic Y29uZmlkZW50aWFsQXBwbGljYXRpb246dG9wU2VjcmV0\" \\\n\t-H \"Content-Type: application/x-www-form-urlencoded\"\n```\n\nIf all goes as planned, you should receive a response like this:\n\n```\n{\n\t\"accessToken\": \"951d6f603c2ce322c5def00ce58952ed2d096a72\",\n\t\"accessTokenExpiresAt\": \"2018-11-18T16:18:25.852Z\",\n\t\"client\": {\n\t\t\"id\": \"confidentialApplication\"\n\t},\n\t\"user\": {\n\t\t\"id\": \"confidentialApplication\"\n\t}\n}\n```\n\n#### With *refresh_token* grant\n\nWhen obtaining an access token using *password* grant, you also get a refresh token.\nWith this token you can get a new access token, using only that value (username and password are not needed), as long as it has not expired.\n\n\u003e Remember that, if you refresh a token while it is still valid, the old access and refresh tokens get revoked, and only the new access and refresh tokens are valid to be used.\n\nYou need to include the client credentials in the request headers and the refresh token and grant type in the request body:\n\n* **Headers**\n\t* **Authorization**: `\"Basic \" + clientId:clientSecret base64'd`\n\t\t* (for example, to use `application:secret`, you should send `Basic YXBwbGljYXRpb246c2VjcmV0`)\n\n\t* **Content-Type**: `application/x-www-form-urlencoded`\n* **Body**\n\t* `grant_type=refresh_token\u0026refresh_token=67c8300ad53efa493c2278acf12d92bdb71832f9`\n\t\t* (contains 2 parameters: `grant_type` and `refresh_token`)\n\nFor example, using 
`curl`:\n```\ncurl http://localhost:3000/oauth/token \\\n\t-d \"grant_type=refresh_token\" \\\n\t-d \"refresh_token=67c8300ad53efa493c2278acf12d92bdb71832f9\" \\\n\t-H \"Authorization: Basic YXBwbGljYXRpb246c2VjcmV0\" \\\n\t-H \"Content-Type: application/x-www-form-urlencoded\"\n```\n\nIf all goes as planned, you should receive a response like this:\n\n```\n{\n\t\"accessToken\": \"17be4ee45b177651db3fd9d286042de75d48eb3b\",\n\t\"accessTokenExpiresAt\": \"2018-11-18T16:18:35.248Z\",\n\t\"refreshToken\": \"37eaff895c8fc9fc839c0098cf3fb01858097908\",\n\t\"refreshTokenExpiresAt\": \"2018-12-02T15:18:35.248Z\",\n\t\"client\": {\n\t\t\"id\": \"application\"\n\t},\n\t\"user\": {\n\t\t\"id\": \"pedroetb\"\n\t}\n}\n```\n\n### Using the token\n\nNow, you can use your brand-new token to access restricted areas. For example, you can send a GET request to `http://localhost:3000/`, including your token in the headers:\n\n* **Headers**\n\t* **Authorization**: `\"Bearer \" + accessToken`\n\t\t* (for example, `Bearer 951d6f603c2ce322c5def00ce58952ed2d096a72`)\n\nFor example, using `curl`:\n```\ncurl http://localhost:3000 \\\n\t-H \"Authorization: Bearer 951d6f603c2ce322c5def00ce58952ed2d096a72\"\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpedroetb%2Fnode-oauth2-server-mongo-example","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpedroetb%2Fnode-oauth2-server-mongo-example","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpedroetb%2Fnode-oauth2-server-mongo-example/lists"}