Tuesday 23 May 2017

Node.js OAuth2 Client

I am currently working on a service written in Node.js (and later deployed on Docker). This service should get data from another server/service which has a REST API protected by a token. I could get this token from a (user)service which uses OAuth2 (Username/Password).

Currently I found this NPM package: https://www.npmjs.com/package/simple-oauth2

I did try "Authorization Code flow" and "Password Credentials Flow". The second one should do the trick because I will not need any user interface and the service should just get the token (and refresh tokens) so that I can call the API.

But it is not working (I get no token back). I would need to add a "scope", but this does not seem possible with "Password Flow", and using "Auth Flow" also does not work. I think another problem might be the "tokenPath" and "authorizePath" options. I am not sure what to use here. Using the default values returns "Invalid path". Using "/account/login" for both "works" but does not return anything with the right values (I see that there is something 'done' because I can debug the OAuth2 service).

Looking at the "/.well-known/openid-configuration" I see that there are: "authorization_endpoint": "<url>/connect/authorize", "token_endpoint": "<url>/connect/token". But using both also does not work. If I understand it correctly, these endpoints should only work when using OpenID. So I tried https://www.npmjs.com/package/oidc-client but get a sessionStorage error when running it, which might be because this should only be used for browser-based calls (which I do not want to have in the end).

So my question is whether anybody can help me with an example, in particular for a Node.js implementation. Or which package should be used?

Thanks, Andreas



via Andreas Hohn
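
The requests the post wants its OAuth2 client to send, built by hand as an added example (not part of the original post and not simple-oauth2 code): the password grant with a scope, and the refresh grant, as form bodies for the `token_endpoint` from the discovery document. The host `idp.example`, the client id and secret, the scope names and all function names are constructed for illustration; `requestToken` assumes Node 18+ with a global `fetch`.

```javascript
// Constructed stand-in for the token_endpoint field quoted in the post.
const sampleDiscovery = { token_endpoint: 'https://idp.example/connect/token' };

// Resource owner password grant; scope is a space-separated list.
function passwordGrant(username, password, scopes = []) {
  const grant = { grant_type: 'password', username, password };
  if (scopes.length > 0) grant.scope = scopes.join(' ');
  return grant;
}

// Exchanges a stored refresh token for a new access token.
function refreshGrant(refreshToken) {
  return { grant_type: 'refresh_token', refresh_token: refreshToken };
}

// Builds (does not send) the POST for the discovered token endpoint.
function buildTokenRequest(discovery, client, grant) {
  const url = new URL(discovery.token_endpoint);
  // The body carries the user's password, so refuse a cleartext endpoint.
  if (url.protocol !== 'https:') throw new Error('token_endpoint must use https');
  // Client id and secret are percent-encoded, then sent as HTTP Basic auth.
  const pair = `${encodeURIComponent(client.id)}:${encodeURIComponent(client.secret)}`;
  return {
    method: 'POST', url: url.href,
    host: url.origin, path: url.pathname, // split form, for host + "tokenPath" style options
    headers: {
      Authorization: `Basic ${Buffer.from(pair).toString('base64')}`,
      'Content-Type': 'application/x-www-form-urlencoded',
      Accept: 'application/json',
    },
    body: new URLSearchParams(grant).toString(),
  };
}

// Copy of a request that is safe to write to logs.
function redact(request) {
  const params = new URLSearchParams(request.body);
  for (const key of ['password', 'refresh_token']) if (params.has(key)) params.set(key, '***');
  const headers = { ...request.headers, Authorization: 'Basic ***' };
  return { ...request, headers, body: params.toString() };
}

// Sends the request; assumes Node 18+ where fetch is a global.
async function requestToken(request) {
  const { url, method, headers, body } = request;
  const res = await fetch(url, { method, headers, body });
  if (!res.ok) throw new Error(`token endpoint returned HTTP ${res.status}`);
  return res.json(); // access_token, plus refresh_token if the server issues one
}
```

Log only the output of `redact`, and keep the username, password and client secret in the container's secret store or environment rather than in the image.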
