Gathering detailed insights and metrics for passport-oauth2
Gathering detailed insights and metrics for passport-oauth2
OAuth 2.0 authentication strategy for Passport and Node.js.
Installations
npm install passport-oauth2Developer Guide
BETA
Typescript
No
Module System
CommonJS
Min. Node Version
>= 0.4.0
Node Version
20.5.1
NPM Version
9.8.0
Releases
Unable to fetch releases
Languages
2
JavaScript
Makefile
JavaScript (99.95%)
Makefile (0.05%)
Developer
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
MIT License
612 Stars
206 Commits
347 Forks
17 Watchers
7 Branches
13 Contributors
Updated on Jul 10, 2025
Sponsor this package
Maintainers
1
Package Meta Information
Latest Version
1.8.0
Package Id
passport-oauth2@1.8.0
Unpacked Size
35.70 kB
Size
9.89 kB
File Count
15
NPM Version
9.8.0
Node Version
20.5.1
Published on
Feb 02, 2024
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
5
Dev Dependencies
5
passport-oauth2
General-purpose OAuth 2.0 authentication strategy for Passport.
This module lets you authenticate using OAuth 2.0 in your Node.js applications. By plugging into Passport, OAuth 2.0-based sign in can be easily and unobtrusively integrated into any application or framework that supports Connect-style middleware, including Express.
Note that this strategy provides generic OAuth 2.0 support. In many cases, a provider-specific strategy can be used instead, which cuts down on unnecessary configuration, and accommodates any provider-specific quirks. See the list for supported providers.
Developers who need to implement authentication against an OAuth 2.0 provider that is not already supported are encouraged to sub-class this strategy. If you choose to open source the new provider-specific strategy, please add it to the list so other people can find it.
:brain: Understanding OAuth 2.0 • :heart: Sponsors
Advertisement
Learn OAuth 2.0 - Get started as an API Security Expert
Just imagine what could happen to YOUR professional career if you had skills in OAuth > 8500 satisfied students
Install
$ npm install passport-oauth2
Usage
Configure Strategy
The OAuth 2.0 authentication strategy authenticates users using a third-party
account and OAuth 2.0 tokens. The provider's OAuth 2.0 endpoints, as well as
the client identifer and secret, are specified as options. The strategy
requires a verify callback, which receives an access token and profile,
and calls cb providing a user.
1passport.use(new OAuth2Strategy({
2 authorizationURL: 'https://www.example.com/oauth2/authorize',
3 tokenURL: 'https://www.example.com/oauth2/token',
4 clientID: EXAMPLE_CLIENT_ID,
5 clientSecret: EXAMPLE_CLIENT_SECRET,
6 callbackURL: "http://localhost:3000/auth/example/callback"
7 },
8 function(accessToken, refreshToken, profile, cb) {
9 User.findOrCreate({ exampleId: profile.id }, function (err, user) {
10 return cb(err, user);
11 });
12 }
13));Authenticate Requests
Use passport.authenticate(), specifying the 'oauth2' strategy, to
authenticate requests.
For example, as route middleware in an Express application:
1app.get('/auth/example', 2 passport.authenticate('oauth2')); 3 4app.get('/auth/example/callback', 5 passport.authenticate('oauth2', { failureRedirect: '/login' }), 6 function(req, res) { 7 // Successful authentication, redirect home. 8 res.redirect('/'); 9 });
Related Modules
- passport-oauth1 — OAuth 1.0 authentication strategy
- passport-http-bearer — Bearer token authentication strategy for APIs
- OAuth2orize — OAuth 2.0 authorization server toolkit
Contributing
Tests
The test suite is located in the test/ directory. All new features are
expected to have corresponding test cases. Ensure that the complete test suite
passes by executing:
1$ make test
Coverage
All new feature development is expected to have test coverage. Patches that increse test coverage are happily accepted. Coverage reports can be viewed by executing:
1$ make test-cov 2$ make view-cov
License
Copyright (c) 2011-2016 Jared Hanson <http://jaredhanson.net/>
Moderate
5.3/10
Summary
Improper Access Control in passport-oauth2
Affected Versions
< 1.6.1
Patched Versions
1.6.1
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
9 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-9vvw-cc9w-f27h
- Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c
- Warn: Project is vulnerable to: GHSA-h6ch-v84p-w6p9
- Warn: Project is vulnerable to: GHSA-qh2h-chj9-jffq
- Warn: Project is vulnerable to: GHSA-hxm2-r34f-qmc5
- Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
- Warn: Project is vulnerable to: GHSA-vh95-rmgr-6w4m
- Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h
- Warn: Project is vulnerable to: GHSA-w9mr-4mfr-499f
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
Found 2/21 approved changesets -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 13 are checked with a SAST tool
Score
1.9
/10
Last Scanned on 2025-07-07
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More