Model Overview
OAuth2Server requires a model object through which some aspects of storage, retrieval and custom validation are abstracted.
Migration Notes
Version >=5.x: Callback support has been removed! Each model function supports either sync or async (Promise or async function) return values.
Version <=4.x: Each model function supports promises, Node-style callbacks, ES6 generators and async/await (using Babel). Note that promise support implies support for returning plain values where asynchronism is not required.
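An added example (not part of the oauth2-server documentation or code base): one way to carry a 4.x callback-style model over to the 5.x contract is to wrap it so that every model function returns a Promise. `adaptModel`, `MODEL_ARITY`, the in-memory token store and all sample values are assumptions made up for illustration, and the arity-based callback detection is this example's own heuristic.

```javascript
// Added example: number of arguments the server passes to each model
// function. Only the two functions used below are listed; extend as needed.
const MODEL_ARITY = { getAccessToken: 1, getClient: 2 };
// Wrap a 4.x-style model so every function returns a Promise (5.x contract).
function adaptModel(legacyModel, arity = MODEL_ARITY) {
  const adapted = {};
  for (const [name, fn] of Object.entries(legacyModel)) {
    if (typeof fn !== 'function') { adapted[name] = fn; continue; }
    const expected = arity[name];
    // Heuristic (assumption of this example): one declared parameter more
    // than the server passes means a trailing Node-style callback.
    if (expected === undefined || fn.length <= expected) {
      // Sync values, Promises and sync throws all become a Promise.
      adapted[name] = async (...args) => fn.apply(legacyModel, args);
      continue;
    }
    adapted[name] = (...args) => new Promise((resolve, reject) => {
      let settled = false;
      const done = (err, value) => {
        if (settled) return; // ignore a second callback invocation
        settled = true;
        if (err) reject(err); else resolve(value);
      };
      // Pad the arguments so the callback always lands in the last slot.
      const padded = Array.from({ length: expected }, (_, i) => args[i]);
      try { fn.apply(legacyModel, [...padded, done]); } catch (e) { done(e); }
    });
  }
  return adapted;
}

// Constructed in-memory data for the demo, not real tokens.
const TOKENS = new Map([['tok-123', {
  accessToken: 'tok-123',
  accessTokenExpiresAt: new Date(Date.now() + 3600 * 1000),
  client: { id: 'demo-client' }, user: { id: 'demo-user' },
}]]);

const legacyModel = {
  // 4.x callback style: must be adapted before use with 5.x.
  getAccessToken(accessToken, callback) {
    setImmediate(() => callback(null, TOKENS.get(accessToken) || false));
  },
  // Plain return value: valid in both versions, passed through.
  getClient(clientId, clientSecret) {
    return clientId === 'demo-client' ? { id: clientId, grants: ['password'] } : false;
  },
};
const model = adaptModel(legacyModel); // usable as the server's model option
```

An error passed to the callback becomes a rejected Promise, so a storage failure is reported as an error rather than being read as a missing token.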
Request Authentication
The authorization server authenticates requests that are sent to the resource server by verifying the included bearer token.
Model functions used during request authentication:
Grant Types
For each grant type, different model functions are required, optional or unused. The following sections describe the grant types and the model functions required for each grant.
Authorization Code Grant
Model functions required by the authorization code grant:
Required if no custom authenticate handler is used:
Required if a custom authenticate handler is used:
Optional, but recommended:
Client Credentials Grant
Model functions used by the client credentials grant:
Optional, but recommended:
Refresh Token Grant
Model functions used by the refresh token grant:
Password Grant
Model functions used by the password grant:
Extension Grants
The authorization server may also implement custom grant types to issue access (and optionally refresh) tokens.
See extension grants