A standards compliant implementation of an OAuth 2.0 authorization server for Node that utilizes JWT and Proof Key for Code Exchange (PKCE), written in TypeScript.
TypeScript OAuth2.0 Server
@jmondi/oauth2-server is a standards compliant implementation of an OAuth 2.0 authorization server written in TypeScript.
Requires node >= 18. Read the docs
The following RFCs are implemented:
- RFC6749 “OAuth 2.0”
- RFC6750 “The OAuth 2.0 Authorization Framework: Bearer Token Usage”
- RFC7009 “OAuth 2.0 Token Revocation”
- RFC7519 “JSON Web Token (JWT)”
- RFC7636 “Proof Key for Code Exchange by OAuth Public Clients”
- RFC7662 “OAuth 2.0 Token Introspection”
- RFC8693 “OAuth 2.0 Token Exchange”
Out of the box it supports the following grants:
- Authorization code grant
- Client credentials grant
- Refresh grant
- Implicit grant // not recommended
- Resource owner password credentials grant // not recommended
Framework support:
The included adapters are just helper functions, any framework should be supported. Take a look at the adapter implementations to learn how you can create custom adapters for your favorite tool!
Example implementations:
Security
| Version | Latest Version | Security Updates |
|---|---|---|
| 4.x | 🎉 | 🎉 |
| 3.x | 🎉 | 🎉 |
| 2.x | 🎉 |
Migration Guide
Thanks
This project is inspired by the PHP League’s OAuth2 Server. Check out the PHP League’s other packages for some other great PHP projects.