Sails oauth2

Jul 24th, 2017
info

This document is intended and marked for personal use only.

  1. Start the application
sails lift
  2. Start the server for trustedClient.js (or untrustedClient.js; see Footnotes)
cd examples
node trustedClient.js
  3. Authorization code grant
http://localhost:81/oauth/authorize?client_id=CLIENT_ID&response_type=code&redirect_uri=http://localhost:1338&scope=http://localhost:81
  4. Once the authorization code is received, exchange it for an access token with the following request
curl -XPOST -d 'client_id=CLIENT_ID&client_secret=CLIENT_SECRET&grant_type=authorization_code&redirect_uri=http://localhost:1338&code=CODE' http://localhost:81/oauth/token

Resource owner password flow (this flow is only available if the client is among the trusted clients)

curl -XPOST "http://localhost:1337/oauth/token" -d "grant_type=password&client_id=CLIENT_ID&client_secret=CLIENT_SECRET&username=USERNAME&password=PASSWORD"

Choose one of the methods above; each returns an access token and a refresh token in the following JSON format

{
  "access_token":"wz80aFzNidTAE8hE0Yom2bi9zQNQ22VJcAoSN2lxm6vEBHV0N11xmDiW94Q3LZCsACv41H2CPhKeUO95vydzNbSytlyc6BGMRhbYQ5cqRK4klNxect3p6wim1O8COV1rplbcRO99QCBuRDPLo9aS92ThtSjqZK3mCceFabiy566EctdVT8xSBpwzCyqWw9tONedgIrEsL8SMdPNL8hVvDNJ7W77DE2nOZnFhrFYciS7RccPkc7vVuYcJ4Q49xEM",
  "refresh_token":"VIuRSlvAYLgn0xMaBHTF0LUxdyqR3i6hNwwEPu5iPqXRXLOftYkKQRuRfMhPqSAaY3Ym1gVKYQqtKrUQLg5xOB0MzBucEMd21Gzy0b5karTuuUrQTPzF96uCztOh37tQxplX9OQSlcO96N7N3RgN06nJxMLFQRZIalZkTtpRBSJc7Vs79tDkOv8dm95WSdYefnfoOuJSeUtc3D5d2XiEWXkjUHS8O5vm9rRhoGrpNAUHfijdLIYR6QzY3urAV5AI",
  "expires_in":3600,
  "token_type":"Bearer"
}

Once the access_token is retrieved, it needs to be passed in the Authorization header of each request to the API as in the following example:

curl -H 'Authorization: Bearer ACCESS_TOKEN' -X GET "http://localhost:81/api/info"
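The client side of the two flows above, written as an added example that is not part of the original post or of the project's own code: it builds the authorization URL, the two token-request bodies, validates the JSON token response and attaches the bearer header for API calls. It assumes Node 18+ (global fetch, URL and URLSearchParams), the hosts, ports and paths exactly as listed above, and placeholder client credentials. The optional `state` parameter is the standard OAuth 2.0 CSRF binding; the post does not mention it, so whether this server echoes it back is an assumption.

```javascript
// Added example (not from the original post or the project): a minimal
// Node.js client for the authorization code and password grants above.
// Assumes Node 18+ (global fetch, URL, URLSearchParams) and the endpoints
// exactly as the post lists them. Credentials below are placeholders.

const AUTH_SERVER = 'http://localhost:81';      // authorization server and API, from the post
const REDIRECT_URI = 'http://localhost:1338';   // client's redirect URI, from the post
const CLIENT_ID = 'CLIENT_ID';                  // placeholder
const CLIENT_SECRET = 'CLIENT_SECRET';          // placeholder

// Step 3: the URL the browser is sent to. `state` is standard OAuth 2.0
// CSRF protection; the post omits it, so server support is an assumption.
function buildAuthorizeUrl({ clientId = CLIENT_ID, redirectUri = REDIRECT_URI, scope = AUTH_SERVER, state } = {}) {
  const url = new URL('/oauth/authorize', AUTH_SERVER);
  url.searchParams.set('client_id', clientId);
  url.searchParams.set('response_type', 'code');
  url.searchParams.set('redirect_uri', redirectUri);
  url.searchParams.set('scope', scope);
  if (state) url.searchParams.set('state', state);
  return url.toString();
}

// Step 4: form body that exchanges the code (same fields as the curl -d string).
function codeGrantBody(code, { clientId = CLIENT_ID, clientSecret = CLIENT_SECRET, redirectUri = REDIRECT_URI } = {}) {
  return new URLSearchParams({
    client_id: clientId,
    client_secret: clientSecret,
    grant_type: 'authorization_code',
    redirect_uri: redirectUri,
    code,
  });
}

// Resource owner password flow: only trusted clients may use this.
function passwordGrantBody(username, password, { clientId = CLIENT_ID, clientSecret = CLIENT_SECRET } = {}) {
  return new URLSearchParams({
    grant_type: 'password',
    client_id: clientId,
    client_secret: clientSecret,
    username,
    password,
  });
}

// Validate the JSON token response shown in the post and turn the relative
// expires_in (seconds) into an absolute expiry the client can check.
function parseTokenResponse(json, nowMs = Date.now()) {
  if (typeof json.access_token !== 'string' || json.access_token.length === 0) {
    throw new Error('token response has no access_token');
  }
  if (json.token_type !== 'Bearer') {
    throw new Error(`unexpected token_type: ${json.token_type}`);
  }
  if (!Number.isInteger(json.expires_in) || json.expires_in <= 0) {
    throw new Error('token response has no usable expires_in');
  }
  return {
    accessToken: json.access_token,
    refreshToken: json.refresh_token,
    expiresAt: nowMs + json.expires_in * 1000,
  };
}

function isExpired(token, nowMs = Date.now()) {
  return nowMs >= token.expiresAt;
}

// Header the API expects on every request (the curl -H line in the post).
function bearerHeader(token) {
  return { Authorization: `Bearer ${token.accessToken}` };
}

// POST a grant body to /oauth/token and parse the result. Needs the running app.
async function requestToken(body) {
  const res = await fetch(`${AUTH_SERVER}/oauth/token`, {
    method: 'POST',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: body.toString(),
  });
  if (!res.ok) throw new Error(`token endpoint returned HTTP ${res.status}`);
  return parseTokenResponse(await res.json());
}

// Call the protected endpoint from the post, refusing to send a stale token.
async function getInfo(token) {
  if (isExpired(token)) throw new Error('access token expired; refresh it first');
  const res = await fetch(`${AUTH_SERVER}/api/info`, { headers: bearerHeader(token) });
  if (res.status === 401) throw new Error('API rejected the token');
  return res.json();
}
```

Only the request builders and the response parser run offline; `requestToken(codeGrantBody('CODE'))` and `getInfo(token)` need the Sails application from step 1 to be running.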
  1. Protected endpoint.

Open config/policies.js. Applying the ‘oauthBearer’ policy to a controller action makes that resource OAuth-protected, for example:

// config/policies.js
module.exports.policies = {
  InfoController: {
    'index': 'oauthBearer'
  }
};
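What the policy named in that config has to do, as an added illustration rather than the project's own api/policies/oauthBearer.js: pull the token out of the Authorization header (RFC 6750), look it up, reject a missing, unknown or expired token with a 401 and a WWW-Authenticate challenge, and otherwise expose the token's owner on req.user for the action. The token table, the findAccessToken helper and the req/res doubles are constructed for the example; a real policy would query the application's access-token model, normally asynchronously.

```javascript
// Added illustration (not the project's policy): the checks an `oauthBearer`
// Sails policy has to perform before a protected action runs.

// Constructed sample token table: access_token -> { userId, expiresAt (ms) }.
const ISSUED_TOKENS = new Map([
  ['valid-token-123', { userId: 42, expiresAt: Date.parse('2099-01-01T00:00:00Z') }],
  ['stale-token-456', { userId: 42, expiresAt: Date.parse('2000-01-01T00:00:00Z') }],
]);

// Hypothetical lookup; a real policy would query the AccessToken model (async).
function findAccessToken(value) {
  return ISSUED_TOKENS.get(value) || null;
}

// RFC 6750: the token is sent as "Authorization: Bearer <token>". The scheme
// name is case-insensitive. Anything else (missing header, another scheme,
// empty token) yields null.
function extractBearerToken(authorizationHeader) {
  if (typeof authorizationHeader !== 'string') return null;
  const m = /^bearer\s+(\S+)$/i.exec(authorizationHeader.trim());
  return m ? m[1] : null;
}

// Sails policy signature: (req, res, next). A 401 carries a WWW-Authenticate
// challenge (RFC 6750 section 3) so clients know bearer auth is expected.
function oauthBearer(req, res, next) {
  const token = extractBearerToken(req.headers && req.headers.authorization);
  if (!token) {
    res.set('WWW-Authenticate', 'Bearer realm="api"');
    return res.status(401).send('missing bearer token');
  }
  const record = findAccessToken(token);
  if (!record || record.expiresAt <= Date.now()) {
    res.set('WWW-Authenticate', 'Bearer realm="api", error="invalid_token"');
    return res.status(401).send('invalid or expired token');
  }
  req.user = { id: record.userId };   // the action downstream can rely on this
  return next();
}

// Minimal res double with the Express-style methods the policy uses.
function makeRes() {
  const out = { statusCode: 200, headers: {}, body: undefined };
  out.set = (k, v) => { out.headers[k] = v; return out; };
  out.status = (c) => { out.statusCode = c; return out; };
  out.send = (b) => { out.body = b; return out; };
  return out;
}

// Run the policy against a single Authorization header value and report
// whether the request was let through.
function runPolicy(authorization) {
  const req = { headers: authorization === undefined ? {} : { authorization } };
  const res = makeRes();
  let nextCalled = false;
  oauthBearer(req, res, () => { nextCalled = true; });
  return {
    nextCalled,
    status: res.statusCode,
    userId: req.user && req.user.id,
    challenge: res.headers['WWW-Authenticate'],
  };
}
```

`runPolicy('Bearer valid-token-123')` passes the request through with `req.user.id === 42`; a stale, unknown or absent token, or a Basic header, stops at 401 without reaching the action.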

Footnotes

  • Handling trusted and untrusted applications
    1. A trusted application uses the resource owner’s password credentials (no login form is displayed to the user)
    2. An untrusted application uses the authorization code grant (a login form is displayed, presenting the Allow / Deny options)
sails
oauth
Octobiwan
