Chapter 5. Building a simple OAuth authorization server

This chapter covers

  • Managing registered OAuth clients
  • Having a user authorize a client
  • Issuing a token to an authorized client
  • Issuing and responding to a refresh token

In the last two chapters, we built an OAuth client application that fetched a token from an authorization server and used that token at a protected resource, and we built the protected resource for the client to access. In this chapter, we’ll build a simple authorization server that supports the authorization code grant type. This component manages clients, performs the delegation action core to OAuth, and issues tokens to clients.


All of the exercises and examples in this book are built using Node.js ...
