Creating an OAuth2 server

Anyone here work on creating an OAuth2 server to authenticate users on their application?

I don’t mean like connecting to Github, Google, etc. I mean your application as the service provider.

2 Likes

Hi Corvid,
Nice to see you posting on the forums! :bird:

There’s another thread from a couple of months ago, with a few architectural leads:

But stay tuned, as I have two other clients who have been discussing HL7 Argonaut FHIR implementation, which would include an OAuth2 server. I think we’re almost ready to pull the trigger and announce a new subproject for the Clinical Meteor track. I just want to check about sponsorship and participation first.

3 Likes

We are using our own Oauth server. However, it predates our changeover to Meteor and although we’d like to revisit it, it ain’t broke and we have more pressing work. It’s written in PHP :scream:

2 Likes

Guess I’ll work on making one then

1 Like

Hi all,
So, some of the other folks in the Meteor/Healthcare community are asking about HL7 Argonaut integration, which would involve an OAuth2 server. I just opened up a thread to start coordinating OAuth2 HL7/FHIR testing:

Corvid, are you planning on keeping your OAuth2 implementation internal? If not, and you’ll be keeping the implementation public, I’m pretty sure the Santa Cruz folks would be willing to bug test, help with QA, submit PRs, etc.

Also, there’s another Boston based company that’s looking at jumping onto the Meteor bandwagon, and do Argonaut FHIR testing in Boston. I’m still figuring out details, but they seem willing to devote resources, and are on board with supporting an open implementation for Meteor.

Is there any progress in this area? Since I might need a solution pretty soon and don’t want to start something if it has been done already.

Just a lot of sitting and thinking. I’m tempted to try to piece together an initial version as part of this weekend’s hackathon.

We’re going to try to use the NPM oauth2-server package. Using a hacky pseudocode translation of the oauth2-server example, it looks like we need something that’s architecturally handwavingly similar to this:

var restivusPackage = require('restivus'),
    bodyParser = require('body-parser'),
    oauthserver = require('oauth2-server');
 
var meteorApp = restivusPackage();
 
meteorApp.use(bodyParser.urlencoded({ extended: true }));
 
meteorApp.use(bodyParser.json());
 
meteorApp.oauth = oauthserver({
  model: {}, // See below for specification 
  grants: ['password'],
  debug: true
});
 
restivusPackage.all('/oauth/token', meteorApp.oauth.grant());
 
restivusPackage.get('/', meteorApp.oauth.authorise(), function (req, res) {
  res.send('Secret area');
});
 
restivusPackage.use(app.oauth.errorHandler());
 
restivusPackage.listen(3000);

I have no clue if the Url encoding is something that’s going to need to taken care of; if Meteor already takes care of it; etc. But the routing rules sort of make sense, and Restivus provides a similar enough API that we can sort of start to make sense of it:

  //Api.addRoute('oauth/token', {authRequired: true}, {
  Api.addRoute('oauth/token', {
    get: function () {
      return meteorApp.oauth.grant();
    }
  });  
  //Api.addRoute('/', {authRequired: true}, {
  Api.addRoute('/', {
    get: {
      //roleRequired: ['author', 'admin'],
      action: function () {
        if (meteorApp.oauth.authorise()) {
          return {status: 'success', data: {message: 'You have been granted access to a restricted area.'}};
        }
        return {
          statusCode: 404,
          body: {status: 'fail', message: 'You are denied.'}
        };
      }
    }
  });

So that’s where we’re at.

Hi, thanks for the answer.

I just stumbled upon it.
I guess I have to have another look at the notification settings, here.

I will dig deeper into it, as soon as I’m approaching the integration part again.

Regards,
Dirk

I need to instantiate an OAuth2 server in Meteor. I will have to to roll my own since I can’t find any existing solutions.

1 Like

Hi,

Have you started on this? We will be working on creating such a package for Rocket.Chat next week.

Should we join forces?

Best,

Gab

Hey wondering if you had any luck here? I’ve built oauth2 servers using doorkeeper in rails, but would like to do one for meteor, also for healthcare apps.

Not yet. The HL7 FHIR project specifies a number of test cases for confirming an OAuth2 server works correctly; so when Gabriel offered to give it a try, I began doing some prep work to getting those test cases ready.

Digging around in the RocketChat repository… looks like we have a very, very initial server working?

2 Likes

Awesome, looks like @gabrielengel has things started! I will also need this very soon, so I can provide a use case and test things out. Let me know if you need anything. I will be using it for Pixel Art Academy.

1 Like

I work for Prime8Consulting and we just finished writing an oauh2 client/server package for meteor. It lots of documentation and example applications that demonstrate how it works.

1 Like

This is fantastic news! Very excited to give it a try!

Hi we also managed to make it work on Rocket.Chat

Our repo: https://github.com/RocketChat/rocketchat-oauth2-server

2 Likes

Hi, have you finished that package? I’m integrating some existing apps with Rocket.Chat and I really don’t know if there are already some existing solutions.

Yes, please see https://github.com/RocketChat/Rocket.Chat/tree/develop/packages/rocketchat-oauth2-server-config

And you can configure it on the admin panel.

1 Like

Hi, i know this late but im having trouble to integrate oauthserver to my own project, Is there more documentation regarding to this project? I cant get it to work using code supplied. Thanks