slavab89 / oauth2-server-example-mongodb Goto Github PK

So after creating a working example for this i now need to start working with it :)
The question is what is the correct flow.

My architecture is going to be something like the following:
https://dglozic.files.wordpress.com/2014/10/micro-authentication.png
Meaning that i'll have a web application that's running on some nodeJS server, and i'll have this project on a different server that should take care of user authentications (and later on services)

So how will it work? Say i'm going into my site for the first time. Obviously i dont have an access token (as a user). So i click on the login button. Now there are 2 options:

1. i immediately show a username and password page.
   Once i enter that info, a grant_type=password request will be send with a client_id and client_secret of the nodejs server that the web application runs on
2. I send a response_type=code request, and because i dont have any additional authorization header i will not be redirected to the redirect_url, instead i'll be redirected to a login page that's hosted on... (the web application server??)
   It will ask me to enter a username and password triggering grant_type=password request that will get me the access_token and send the response_type=code request again (?!) and continue with grant_type=authorization_code to get the access token that i already have?!

Option 2 seems to be impossible and incorrect but then i dont see when i will need to use the response_type=code request.

I might be totally off in my thinking and i will really be glad if someone could straighten things up for me.

Hey,

Thanks a lot, for the example repo, Its been really helpful. But I am getting stuck while making the flow. I have a question regarding this, can you please answer it?

While using authorization_code grant flow, it is asking for access token in the request, which will be retrieved using client_credential grant flow. I want to know:

is there some configuration is given to us using which we can just use authorization_code flow without access_token(essentially, without authenticating the client)?".

Thanks.

Hi,

I have played around to learn more about oauth and used you repo as an inspiration.
First I want to say thank you for this and it has been helpful for me.
However, of course I have some question I hope you could help me with?

I can play around and get it to work except where I need to base64 encode the clientID and
clientSectrets.

I'm using the online tool https://www.base64encode.org/ without success.

Do you know what it could be? :-)

I am trying to make a request to /oauth/authorize with the client_id, client_secret, grant_type, response_type and redirect_uri but it keeps throwing a 401 unauthorized error. I shoudn't need to authenticate in order to test this should I?

I am getting this Error on using Authorize Code Grant.

getClient e4bd05f16cddd3cb0642cb6c81bed468 null

i am entering the client_id correct but it is returning null everytime.