Adding an oauth2 server to my app

Hi every one,
We’ve got a meteor app (sboulder).
An other node js app (7thgrade) is going to work in synergy with us.
We’d like to setup an oauth2 server on sboulder so that :

  • A user can sign in to 7thgrade with a sboulder account (like with a facebook or google account) without registering again. 7thgrade would get all the user’s profile from sboulder (name, email…).
  • A user can link an existing 7thgrade account to an existing sboulder account easily (and get missing profile info)
  • 7thgrade would be able to fetch periodically changed info from sboulder’s user’s profile

Is setting up an oauth2 server the best way to achieve this ?

My idea is to install RocketChat oauth2 server on sboulder

Do you think it can be the good tool ?

Has anyone done something like this before ?

Could someone help me with some code examples to achieve this ? On both the meteor app and the other app.

Thanks a lot

Hi Jadus, did you have any progress with this? I might be able to provide the client side workflows (have done them in React).

Hi, thank you for your message !
Yes I’ve managed to set it up with rocket chat
oauth server, although it was not easy.

@jadus I rewrote the package with the latest version of node-oauth2-server, because the rocketchat package has not been updated in a while (plus it missed tests):

There is a WIP reference accounts server using it:

I will speak about this topic on the upcoming Meteor Impact 2020 in detail with examples


Great ! I’ll replace the package with yours in my code.
Thanks for your work

@jadus you’re welcome! Feel free to comment or leave an issue on the repo if anything is not working as expected or if you have questions.


can you share the code? I have a react / react-router app and I’d like to add oauth2 dialog to it.
I’ve found this article. If I’m correct, I have to:

  • create a react-router route for the oauth2 dialog. For this, I need:
    • a method to check if the received client_id/redirect_uri are valid (do I have to write it manually or does this package provide it?)
    • check if the user is logged in, show login dialog if not
    • redirect the browser to redirect_uri if the user is logged in and grants permission with loginToken as the access code.
  • Then the client app will POST a request to authorizeUrl with the received loginToken and client_secret to get access & refresh tokens, but the package does all the work for me here.
  • Then if I add routes with oauth2server.authenticatedRoute() everything will be handled automatically and I receive the userId through (bonus question: has anyone wrote a mixin for mdg:validated_method for this?).