Module : oauth2

Module Overview

This module provides an inbound and outbound OAuth2 authentication provider, which can be used to authenticate the provided credentials against an introspection endpoint and authenticate with an external endpoint.

Inbound OAuth2 Provider

The oauth2:InboundOAuth2Provider is an implementation of the auth:InboundAuthProvider interface. It calls an introspection endpoint, validates the token, and performs authentication and authorization.

// Introspection endpoint that incoming tokens are validated against.
oauth2:IntrospectionServerConfig introspectionServerConfig = {
    url: "https://localhost:9196/oauth2/token/introspect"
};
oauth2:InboundOAuth2Provider oauth2Provider = new(introspectionServerConfig);
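
The decision an introspection-based inbound provider has to make on the server's reply, following RFC 7662, written as an added Python example that runs offline; it is not this module's own code. The function name, the `skew` parameter, the sample responses and the rule that all required scopes must be granted are assumptions.

```python
import time

# Constructed RFC 7662 introspection responses (not captured from a real server).
SAMPLE_ACTIVE = {
    "active": True,
    "username": "johndoe",
    "scope": "token-scope1 token-scope2",
    "exp": 2_000_000_000,
}
SAMPLE_REVOKED = {"active": False}


def evaluate_introspection(response, required_scopes, now=None, skew=0):
    """Return (authenticated, authorized, username) for an introspection reply.

    required_scopes: scopes the protected resource demands (all must be granted).
    skew: hypothetical clock-skew allowance in seconds.
    """
    now = time.time() if now is None else now

    # "active" is the only required member of the reply. Anything other than a
    # JSON true (missing, false, the string "true") means reject the token.
    if not isinstance(response, dict) or response.get("active") is not True:
        return (False, False, None)

    # Defence in depth: reject a reply that is "active" but carries a past or
    # malformed "exp" (seconds since the epoch).
    exp = response.get("exp")
    if exp is not None:
        if isinstance(exp, bool) or not isinstance(exp, (int, float)):
            return (False, False, None)
        if exp + skew <= now:
            return (False, False, None)

    # "scope" is one space-separated string; a missing scope grants nothing.
    scope = response.get("scope")
    granted = set(scope.split()) if isinstance(scope, str) else set()
    authorized = set(required_scopes).issubset(granted)

    return (True, authorized, response.get("username"))
```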

Outbound OAuth2 Provider

The oauth2:OutboundOAuth2Provider is an implementation of the auth:OutboundAuthProvider interface. This is used to call an external endpoint with authentication.

Client Credentials Grant Type

// The client ID and secret below are sample values.
oauth2:OutboundOAuth2Provider oauth2Provider1 = new({
    tokenUrl: "https://localhost:9196/oauth2/token",
    clientId: "3MVG9YDQS5WtC11paU2WcQjBB3L",
    clientSecret: "9205371918321623741",
    scopes: ["token-scope1", "token-scope2"]
});

Password Grant Type

// The user and client credentials below are sample values.
oauth2:OutboundOAuth2Provider oauth2Provider5 = new({
    tokenUrl: "https://localhost:9196/oauth2/token/authorize/header",
    username: "johndoe",
    password: "A3ddj3w",
    clientId: "3MVG9YDQS5WtC11paU2WcQjBB3L",
    clientSecret: "9205371918321623741",
    scopes: ["token-scope1", "token-scope2"]
});

Direct Token Mode

// The access token is supplied directly; refreshConfig is used to refresh it.
oauth2:OutboundOAuth2Provider oauth2Provider13 = new({
    accessToken: "2YotnFZFEjr1zCsicMWpAA",
    refreshConfig: {
        refreshUrl: "https://localhost:9196/oauth2/token/refresh",
        refreshToken: "XlfBs91yquexJqDaKEMzVg==",
        clientId: "3MVG9YDQS5WtC11paU2WcQjBB3L",
        clientSecret: "9205371918321623741",
        scopes: ["token-scope1", "token-scope2"]
    }
});


CachedToken: The `CachedToken` stores the values received from the authorization/token server to use them for later requests without requesting tokens again.
ClientCredentialsGrantConfig: The `ClientCredentialsGrantConfig` record can be used to configure the OAuth2 client credentials grant type.
DirectTokenConfig: The `DirectTokenConfig` record configures the access token directly.
DirectTokenRefreshConfig: The `DirectTokenRefreshConfig` record passes the configurations for refreshing the access token in the direct token grant type.
IntrospectionServerConfig: Represents the introspection server configurations.
PasswordGrantConfig: The `PasswordGrantConfig` record can be used to configure the OAuth2 password grant type.
RefreshConfig: The `RefreshConfig` record can be used to pass the configurations for refreshing the access token of the password grant type.



Represents the inbound OAuth2 provider, which calls the introspection server and validates the received credentials.


Represents the outbound OAuth2 provider.



Reads the scope(s) for the user with the given username.



Represents the OAuth2 error reason.



Represents the OAuth2 error type with details.