/**
 * Module dependencies.
 */
var TokenError = require('../errors/tokenerror');
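/**
 * Exchanges authorization grants for access tokens.
 *
 * Obtaining authorization via OAuth 2.0 consists of a sequence of discrete
 * steps. First, the client requests authorization from the user (in this case
 * using an authorization server as an intermediary). The authorization server
 * conducts an approval dialog with the user to obtain permission. After access
 * has been allowed, a grant is issued to the client which can be exchanged for
 * an access token.
 *
 * This middleware is used to exchange a previously issued authorization grant
 * for an access token (a string denoting a specific scope, lifetime, and other
 * access attributes).
 *
 * The types of the grants that can be exchanged will depend on the types
 * supported by the server. An application can implement support for these
 * types as necessary, including taking advantage of bundled grant and exchange
 * middleware.
 *
 * Note that clients issued credentials must authenticate when making
 * requests to the token endpoint. This is essential for enforcing the binding
 * of authorization codes and refresh tokens to the client they were issued to.
 * Some client deployments may be incapable of secure client authentication.
 * Applications are responsible for determining what level of exposure is
 * acceptable, and handling such clients and displaying notices as appropriate.
 *
 * This middleware expects the request body to have been parsed already
 * (`req.body` must be an object); it reads `grant_type` from it and hands the
 * request to the server's exchange dispatch. If no exchange handles the
 * request, an `unsupported_grant_type` TokenError is passed to `next`.
 *
 * Examples:
 *
 *     app.post('/token',
 *       passport.authenticate(['basic', 'oauth2-client-password'], { session: false }),
 *       server.token(),
 *       server.errorHandler());
 *
 * References:
 *  - [Token Endpoint](http://tools.ietf.org/html/draft-ietf-oauth-v2-28#section-3.2)
 *
 * @param {Server} server - server whose `_exchange` dispatches the grant type
 * @param {Object} options - accepted for API symmetry; currently unused by this middleware
 * @return {Function} Connect/Express-style middleware `(req, res, next)`
 * @throws {TypeError} if `server` is not supplied
 * @api protected
 */
module.exports = function token(server, options) {
  options = options || {};

  if (!server) { throw new TypeError('oauth2orize.token middleware requires a server argument'); }

  return function token(req, res, next) {
    // Without a body parser `req.body` is undefined and the property access
    // below would surface as an opaque TypeError; fail with an actionable
    // error instead so the misconfiguration is obvious in logs.
    if (!req.body) {
      return next(new Error('oauth2orize.token middleware requires a parsed request body; add body-parsing middleware before it'));
    }

    // grant_type is client-supplied: it selects the exchange and is echoed
    // back in the error message when no exchange handles it.
    var type = req.body.grant_type;

    // The trailing callback runs when dispatch finishes without an exchange
    // having responded, or when an exchange reported an error.
    server._exchange(type, req, res, function(err) {
      if (err) { return next(err); }
      return next(new TokenError('Unsupported grant type: ' + type, 'unsupported_grant_type'));
    });
  };
};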