Is there an OAuth2.0 library for Node.js, which is being used (or planned to be used) in a live, production system?
Nothing prevents a frontend web application from running a PKCE-based Authorization Code flow. Because of all these reasons, the OAuth 2.0 Security Best Current Practice considers the Implicit flow to be deprecated.
Let's start with the biggest reason why OAuth isn't authentication: access tokens are not intended for the client application. When an authorization server issues an access token, the intended audience is the protected resource. After all, this is what the token is providing access to.
In OAuth 2.0, the following three parties are involved: The user, who possesses data that is accessed through the API and wants to allow the application to access it. The application, which is to access the data through the API on the user's behalf. The API, which controls and enables access to the user's data.
node-oauth is generally a good bet.