
Implement OAuth2 Server in Meteor.js

Last updated on 25 Jan, 2023

OAuth2 authentication is a solution for securing your web API or web application routes using a token-based authentication process. Here, I am assuming that you already have some knowledge of the OAuth2 authentication process. If you are not clear about how it works, I would suggest you read this article first.

Refer to this article to understand how to implement OAuth2 in Node.js. We will use the same module package in Meteor.

Install Package

Install the rocketchat:oauth2-server package:

meteor add rocketchat:oauth2-server

Configure oAuth

Create a server-side file with the following configuration options.

    oauth2server = new OAuth2Server({
        // You can change the collection names; the values
        // below are the default values.
        accessTokensCollectionName: 'oauth_access_tokens',
        refreshTokensCollectionName: 'oauth_refresh_tokens',
        clientsCollectionName: 'oauth_clients',
        authCodesCollectionName: 'oauth_auth_codes',
        // You can pass the collection objects too
        // accessTokensCollection: new Meteor.Collection('custom_oauth_access_tokens'),
        // refreshTokensCollection: new Meteor.Collection('custom_oauth_refresh_tokens'),
        // clientsCollection: new Meteor.Collection('custom_oauth_clients'),
        // authCodesCollection: new Meteor.Collection('custom_oauth_auth_codes'),
        // You can enable some logging too
        debug: true
    });

Here I prefer to use the default configuration and let the package create the collections on its own. You may notice that I have omitted the var keyword when creating the OAuth server; this is because I want to access this variable from anywhere on the server.

But why?

Because we will need to add or update the client id, client secret and redirect URI. For this package to work, you need a record in the oauth_clients collection.

To do so, access the clients collection exposed by the oauth2-server package using the code below.

oauth2server.model.Clients

With access to this collection you can easily add an OAuth client creation flow to your web app, so that each user of your web app can generate their own client credentials for OAuth to work.

To authenticate all your requests you need to register the following middleware:

    // For a normal Meteor web app
    WebApp.rawConnectHandlers.use(oauth2server.app);
    WebApp.rawConnectHandlers.use('/api', oauth2server.oauth.authorise());
    WebApp.rawConnectHandlers.use(oauth2server.oauth.errorHandler());

    // For meteor-restivus
    // Git: https://github.com/kahmali/meteor-restivus
    // Install: https://atmospherejs.com/simple/json-routes
    // JsonRoutes.Middleware.use(oauth2server.app);
    // JsonRoutes.Middleware.use('/api', oauth2server.oauth.authorise());
    // JsonRoutes.Middleware.use(oauth2server.oauth.errorHandler());

Now simply make a call to get an authorization code.

POST to http://localhost:3000/oauth/authorize with the parameters shown in the image below.

You may notice I have not supplied the allow parameter, as I have modified the oauth2 package accordingly.

On success, you will be redirected to http://localhost:3000?code={somecode}.

Now, to get a token, POST to http://localhost:3000/oauth/token as shown in the image below.

In return you will get a response containing an access_token, which you can use in subsequent requests.

Conclusion

Implementing OAuth2 in Meteor is straightforward using the rocketchat:oauth2-server package.

About the author

Hitesh Agja

I am Hitesh Agja, and I have 12+ years of industry experience. I am always excited and passionate about learning new things, technical or not. Life is all about learning new things and making the world more progressive.
