remotevision · January 16, 2017 21:12 · remotevision · Jan 16, 2017
diff --git a/grant.client_credentials.js b/grant.client_credentials.js
 /* /server/test/grant.client_credentials.js */
 'use strict';

 /* jshint camelcase: false */
 var chai = require('chai');
 chai.should();

 var loopback = require('loopback');
 var app = require('../server/server');
 var request = require('supertest')('https://localhost:3000');

 var TOKEN_ENDPOINT = '/oauth/token';
 var CLIENT_ID = '456';
 var CLIENT_SECRET = 'secret';

 describe('Granting with client_credentials grant type', function() {
  before(require('./start-server'));

  // Create a permission
  before(function(done) {
    var permissionModel = loopback.getModel('OAuthPermission');
    permissionModel.destroyAll(function(err) {
      if (err) {
        return done(err);
      }
      permissionModel.create({
        appId: '456',
        userId: 1,
        issuedAt: new Date(),
      }, done);
    });
  });

  after(function(done) {
    app.close(done);
  });

  function requestAccessToken(payload, done) {
    request
    .post(TOKEN_ENDPOINT)
    .set('Content-Type', 'application/x-www-form-urlencoded')
    .send(payload)
    .auth(CLIENT_ID, CLIENT_SECRET)
    .expect(200, /"access_token":/i, function(err, res) {
      if (err) {
        return done(err);
      }
      res.body.access_token.should.be.a('string');
      res.body.access_token.should.have.length(32);
      res.body.token_type.should.equal('Bearer');
      res.body.expires_in.should.equal(1209600);
      done();
    });
  }

  it('should generate access token', function(done) {
    requestAccessToken({
      grant_type: 'client_credentials',
      scope: 'demo',
    }, done);
  });
 });
diff --git a/middleware.json b/middleware.json
  "auth": {
    "loopback-component-oauth2#authenticate": []
  },
diff --git a/model-config.json b/model-config.json
 {
  "_meta": {
    "sources": [
      "loopback/common/models",
      "loopback/server/models",
      "../common/models",
      "./models"
    ],
    "mixins": [
      "loopback/common/mixins",
      "loopback/server/mixins",
      "../common/mixins",
      "./mixins"
    ]
  },
  "User": {
    "dataSource": "db",
    "public": false
  },
  "Application": {
    "dataSource": "db",
    "public": false
  },
  "AccessToken": {
    "dataSource": "db",
    "public": false
  },
  "ACL": {
    "dataSource": "db",
    "public": false
  },
  "RoleMapping": {
    "dataSource": "db",
    "public": false
  },
  "Role": {
    "dataSource": "db",
    "public": false
  }
 }
diff --git a/oauth.js b/oauth.js
 /* /server/boot/oauth.js */
 'use strict';

 var oauth2 = require('loopback-component-oauth2');

 module.exports = function(server) {
  console.log('------------------------------------------------');
  console.log('[oAuth]: Initialized');

  var options = {
    dataSource: server.datasources.db, // Data source for oAuth2 metadata persistence
    authorizationServer: true,
    resourceServer: true,
  };

  oauth2.oAuth2Provider(
    server, // The app instance
    options // The options
  );
 };
diff --git a/sample-data.json b/sample-data.json
 {
  "users": [
    {
      "username": "bob",
      "password": "secret",
      "email": "[email protected]"
    }
  ],
  "applications": [
    {
      "id": 456,
      "clientSecret": "secret",
      "name": "test-app"
    },
  ]
 }
	/* /server/test/grant.client_credentials.js */
	'use strict';

	/* jshint camelcase: false */
	var chai = require('chai');
	chai.should();

	var loopback = require('loopback');
	var app = require('../server/server');
	var request = require('supertest')('https://localhost:3000');

	var TOKEN_ENDPOINT = '/oauth/token';
	var CLIENT_ID = '456';
	var CLIENT_SECRET = 'secret';

	describe('Granting with client_credentials grant type', function() {
	before(require('./start-server'));

	// Create a permission
	before(function(done) {
	var permissionModel = loopback.getModel('OAuthPermission');
	permissionModel.destroyAll(function(err) {
	if (err) {
	return done(err);
	}
	permissionModel.create({
	appId: '456',
	userId: 1,
	issuedAt: new Date(),
	}, done);
	});
	});

	after(function(done) {
	app.close(done);
	});

	function requestAccessToken(payload, done) {
	request
	.post(TOKEN_ENDPOINT)
	.set('Content-Type', 'application/x-www-form-urlencoded')
	.send(payload)
	.auth(CLIENT_ID, CLIENT_SECRET)
	.expect(200, /"access_token":/i, function(err, res) {
	if (err) {
	return done(err);
	}
	res.body.access_token.should.be.a('string');
	res.body.access_token.should.have.length(32);
	res.body.token_type.should.equal('Bearer');
	res.body.expires_in.should.equal(1209600);
	done();
	});
	}

	it('should generate access token', function(done) {
	requestAccessToken({
	grant_type: 'client_credentials',
	scope: 'demo',
	}, done);
	});
	});
	{
	"_meta": {
	"sources": [
	"loopback/common/models",
	"loopback/server/models",
	"../common/models",
	"./models"
	],
	"mixins": [
	"loopback/common/mixins",
	"loopback/server/mixins",
	"../common/mixins",
	"./mixins"
	]
	},
	"User": {
	"dataSource": "db",
	"public": false
	},
	"Application": {
	"dataSource": "db",
	"public": false
	},
	"AccessToken": {
	"dataSource": "db",
	"public": false
	},
	"ACL": {
	"dataSource": "db",
	"public": false
	},
	"RoleMapping": {
	"dataSource": "db",
	"public": false
	},
	"Role": {
	"dataSource": "db",
	"public": false
	}
	}
	/* /server/boot/oauth.js */
	'use strict';

	var oauth2 = require('loopback-component-oauth2');

	module.exports = function(server) {
	console.log('------------------------------------------------');
	console.log('[oAuth]: Initialized');

	var options = {
	dataSource: server.datasources.db, // Data source for oAuth2 metadata persistence
	authorizationServer: true,
	resourceServer: true,
	};

	oauth2.oAuth2Provider(
	server, // The app instance
	options // The options
	);
	};
	{
	"users": [
	{
	"username": "bob",
	"password": "secret",
	"email": "[email protected]"
	}
	],
	"applications": [
	{
	"id": 456,
	"clientSecret": "secret",
	"name": "test-app"
	},
	]
	}