node-red-contrib-oauth2

node-red-contrib-oauth2
Photo by Micah Williams / Unsplash
GitHub - caputomarcos/node-red-contrib-oauth2: node-red-contrib-oauth2 - An OAuth2 client which sends an oauth2Response object as output.
node-red-contrib-oauth2 - An OAuth2 client which sends an oauth2Response object as output. - GitHub - caputomarcos/node-red-contrib-oauth2: node-red-contrib-oauth2 - An OAuth2 client which sends an...

Donate

node-red-contrib-oauth2

An OAuth2 client which sends an oauth2Response object as output.

Inputs

Any message to trigger producing an oauth2Response.

Container

The name of the container that will receive the message oauth2Response object.

p.s. msg.payload.oauth2Response object

Grant Type

  • Client Credentials

    inputs:

      Access Token URL
      Client ID
      Client Secret
      Scope
    
  • Password

    inputs:

      Access Token URL
      Username
      Password
      Client ID
      Client Secret
      Scope
    
  • - Set by msg.oauth2Request -

    input:

    client_credentials

    msg.oauth2Request = { 
    "access_token_url": "http://localhost:3000/oauth/token",
    "credentials": {
        "grant_type": "client_credentials",
        "client_id": "confidentialApplication",
        "client_secret": "topSecret",
        "scope": "*"
        },
    };
    return msg;
    

    password

    msg.oauth2Request = { 
    "access_token_url": "http://localhost:3000/oauth/token",
    "credentials": {
        "grant_type": "password",
        "client_id": "application",
        "client_secret": "secret",
        "scope": "*",
        "username": "pedroetb",
        "password": "password"   
      },
    };
    return msg;
    

    refresh_token

    var refreshToken = flow.get('refreshToken');
    
    msg.oauth2Request = { 
        "access_token_url": "http://localhost:3000/oauth/token",
        "credentials": {
            "grant_type": "refresh_token",
            "client_id": "application",
            "client_secret": "secret",
            "scope": "*",
            "refresh_token": refreshToken   
        },
    };
    return msg;
    

Outputs

  1. Standard output

msg.oauth2Response object

{
    "_msgid": "2670c12c7893c3f9",
    "payload": 1629740729931,
    "topic": "Client Credentials set by msg.oauth2Request",
    "oauth2Response": {
        "accessToken": "b7a0d0c04d44e093b2dac7d6def877da2e19aa76",
        "accessTokenExpiresAt": "2021-08-23T18:45:29.943Z",
        "scope": "*",
        "client": {
            "id": "confidentialApplication"
        },
        "user": {}
    }
}
  1. Standard output error

msg.oauth2Response object

{
    "_msgid": "e85afdfa97d3d79d",
    "payload": 1629734971400,
    "topic": "Refresh Token HTTP 400 by msg.oauth2Request",
    "oauth2Response": {
        "statusCode": 400,
        "status": 400,
        "code": 400,
        "message": "Invalid grant: refresh token is invalid",
        "name": "invalid_grant"
    }
}

Generic error

Err object describing the cause of a failed operation.

msg.err object

{
_msgid: 'd45ffa20.0f28e8',
  topic: 'Get Token',
  payload: 1552255377233,
  err: {
    code: 'ECONNRESET',
    path: null,
    host: 'localhost',
    port: '8000'
  }
}

Sample

[{"id":"be9f8d3e5126b0aa","type":"inject","z":"fbfbc50a1ded59ed","name":"","props":[{"p":"payload"},{"p":"topic","vt":"str"}],"repeat":"","crontab":"","once":false,"onceDelay":0.1,"topic":"","payload":"","payloadType":"date","x":120,"y":240,"wires":[["457c466345b3c830"]]},{"id":"457c466345b3c830","type":"oauth2","z":"fbfbc50a1ded59ed","name":"Password","container":"oauth2Response","access_token_url":"http://localhost:3000/oauth/token ","grant_type":"password","username":"pedroetb","password":"password","client_id":"application","client_secret":"secret","scope":"*","headers":{},"x":380,"y":240,"wires":[["1f9670457ea0fdeb"]]},{"id":"fa297a2263ccab64","type":"debug","z":"fbfbc50a1ded59ed","name":"","active":true,"tosidebar":true,"console":false,"tostatus":false,"complete":"true","targetType":"full","statusVal":"","statusType":"auto","x":870,"y":60,"wires":[]},{"id":"b09fcda36b29337e","type":"oauth2","z":"fbfbc50a1ded59ed","name":"Client Credentials","container":"oauth2Response","access_token_url":"http://localhost:3000/oauth/token ","grant_type":"client_credentials","username":"pedroet","password":"","client_id":"confidentialApplication","client_secret":"topSecret","scope":"*","headers":{},"x":350,"y":60,"wires":[["fa297a2263ccab64"]]},{"id":"68ce0e033979d11d","type":"inject","z":"fbfbc50a1ded59ed","name":"","props":[{"p":"payload"},{"p":"topic","vt":"str"}],"repeat":"","crontab":"","once":false,"onceDelay":0.1,"topic":"","payload":"","payloadType":"date","x":120,"y":60,"wires":[["b09fcda36b29337e"]]},{"id":"6adbb00a164f0d30","type":"inject","z":"fbfbc50a1ded59ed","name":"","props":[{"p":"payload"},{"p":"topic","vt":"str"}],"repeat":"","crontab":"","once":false,"onceDelay":0.1,"topic":"","payload":"","payloadType":"date","x":120,"y":360,"wires":[["5eedef6eb8215636"]]},{"id":"5eedef6eb8215636","type":"function","z":"fbfbc50a1ded59ed","name":"Refresh Token","func":"let refreshToken = global.get('refreshToken');\n\nmsg.oauth2Request = { \n    \"access_token_url\": \"http://localhost:3000/oauth/token\",\n    \"credentials\": {\n        \"grant_type\": \"refresh_token\",\n        \"client_id\": \"application\",\n        \"client_secret\": \"secret\",\n        \"scope\": \"*\",\n        \"refresh_token\": refreshToken   \n    },\n};\nreturn msg;","outputs":1,"noerr":0,"initialize":"","finalize":"","libs":[],"x":360,"y":360,"wires":[["bbb398a4c6b6581d"]]},{"id":"bbb398a4c6b6581d","type":"oauth2","z":"fbfbc50a1ded59ed","name":"Set by msg.oauth2Request","container":"oauth2Response","access_token_url":"http://localhost:3000/oauth/token ","grant_type":"set_by_credentials","username":"pedroet","password":"","client_id":"confidentialApplication","client_secret":"topSecret","scope":"*","headers":{},"x":640,"y":300,"wires":[["1f9670457ea0fdeb"]]},{"id":"5f5889fc9873830c","type":"function","z":"fbfbc50a1ded59ed","name":"Password","func":"msg.oauth2Request = { \n    \"access_token_url\": \"http://localhost:3000/oauth/token\",\n    \"credentials\": {\n        \"grant_type\": \"password\",\n        \"client_id\": \"application\",\n        \"client_secret\": \"secret\",\n        \"scope\": \"*\",\n        \"username\": \"pedroetb\",\n        \"password\": \"password\"   \n    },\n};\nreturn msg;","outputs":1,"noerr":0,"initialize":"","finalize":"","libs":[],"x":380,"y":300,"wires":[["bbb398a4c6b6581d"]]},{"id":"aa78cee9cf6b05a4","type":"debug","z":"fbfbc50a1ded59ed","name":"","active":true,"tosidebar":true,"console":false,"tostatus":false,"complete":"true","targetType":"full","statusVal":"","statusType":"auto","x":1100,"y":240,"wires":[]},{"id":"e92113c4c92e02b9","type":"inject","z":"fbfbc50a1ded59ed","name":"","props":[{"p":"payload"},{"p":"topic","vt":"str"}],"repeat":"","crontab":"","once":false,"onceDelay":0.1,"topic":"","payload":"","payloadType":"date","x":120,"y":300,"wires":[["5f5889fc9873830c"]]},{"id":"1f9670457ea0fdeb","type":"function","z":"fbfbc50a1ded59ed","name":"Set refreshToken","func":"if (msg.oauth2Response.refreshToken) {\n    global.set('refreshToken',msg.oauth2Response.refreshToken);\n}\nreturn msg;","outputs":1,"noerr":0,"initialize":"","finalize":"","libs":[],"x":900,"y":240,"wires":[["aa78cee9cf6b05a4"]]},{"id":"00bcb23670663c56","type":"function","z":"fbfbc50a1ded59ed","name":"Client Credentials","func":"msg.oauth2Request = { \n    \"access_token_url\": \"http://localhost:3000/oauth/token\",\n    \"credentials\": {\n        \"grant_type\": \"client_credentials\",\n        \"client_id\": \"confidentialApplication\",\n        \"client_secret\": \"topSecret\",\n        \"scope\": \"*\"\n    },\n};\nreturn msg;","outputs":1,"noerr":0,"initialize":"","finalize":"","libs":[],"x":350,"y":120,"wires":[["ac78cb33d964efde"]]},{"id":"ac78cb33d964efde","type":"oauth2","z":"fbfbc50a1ded59ed","name":"Set by msg.oauth2Request","container":"oauth2Response","access_token_url":"http://localhost:3000/oauth/token ","grant_type":"set_by_credentials","username":"pedroet","password":"","client_id":"confidentialApplication","client_secret":"topSecret","scope":"*","headers":{},"x":620,"y":120,"wires":[["fa297a2263ccab64"]]},{"id":"da4c05becf924c6a","type":"inject","z":"fbfbc50a1ded59ed","name":"","props":[{"p":"payload"},{"p":"topic","vt":"str"}],"repeat":"","crontab":"","once":false,"onceDelay":0.1,"topic":"","payload":"","payloadType":"date","x":120,"y":120,"wires":[["00bcb23670663c56"]]}]

This sample used the node-oauth2-server-example implemented with Spring Boot 1.3.2.
by pedroetb

Details

This node is intended to be used for communicating with OAuth2 protected APIs. Once you configured it, for each incoming message the node will emit a message containing the msg.oauth2Response value which can be passed to other nodes sending messages to an OAuth protected API.

References

The OAuth 2.0 Authorization Framework - The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf. This specification replaces and obsoletes the OAuth 1.0 protocol described in RFC 5849.

Contributors