Public | Automated Build

Last pushed: 3 years ago
Short Description
Short description is empty for this repo.
Full Description

Oauth2 proxy for identity provider

This application is designed to negociate personal access tokens from identity provider.
We implements here specifications of OAuth2 Authorization code flow.

The expressJS server included in this application is currently listening on port 8001
and intercepts requests in order to hide OAuth2 mechanism while asking a bearer token.

It also injects both client id and client secret. This avoids you to hardcode these sensitive
parameters into a javascript application for example.

You can include this package by adding the following dependency in your package.json file.

"dependencies": {
  "node_oauth2_proxy": "PredicSis/node_oauth2_proxy"


You can configure this application by defining some environment variables:

  • VERBOSE (default: undefined) tells the nodeJS application to output request's details
  • NODE_ENV (default: undefined) available values are :
    • dev
    • staging (disable rejection of unauthorized request as we use a self-signed certificate)
    • production
  • OAUTH_CORS_ORIGIN : (default: undefined) origin of your requests to this app, used for CORS configuration
  • OAUTH_CLIENTID (default: undefined)
  • OAUTH_SECRETID (default: undefined)
  • OAUTH_PROVIDER (default: http://localhost) endpoint of running instance of identity
  • OAUTH_REDIRECT (default: http://localhost/oauth/callback) is the redirect URI of your superApp stored in your database
  • NEWRELIC_LICENSE_KEY your new-relic key if you want to monitor activity of this application

Then, run node proxy.js to start the application. It will output something like (according to your configuration)

=> Environment: dev
=> Express server started on port 8001
    ├── GET  /
    ├── GET  /oauth/authorize
    ├── GET  /oauth/callback
    └── POST /oauth/refresh
=> CORS enabled
    ├── Allowed origin(s) : localhost
    ├── Allowed method(s) : GET, POST, OPTIONS
    └── Allowed header(s) : Content-Type, Authorization, x-refresh-token
=> OAuth configuration
    ├── client id : 64-length string
    ├── client secret : 64-length string
    ├── provider : http://localhost:3000
    ├── redirect : http://localhost/oauth/callback
    └── path for request bearer token: /oauth/authorize


This application handles:

  • requesting a bearer token (GET /oauth/authorize)
  • refreshing a bearer token (GET /oauth/refresh)
Docker Pull Command
Source Repository