I forked the rocketchat oauth server as it uses an old version of the node-oauth2-server.
I updated it, integrated Meteor and Mongo, added tests etc., and also wrote a custom login handler.
Is it fully compatible with server-to-server communication via REST APIs?
I have a centralized server for managing users only,
and 5 different servers access my centralized users server via REST APIs.
So would this package fulfill all my requirements?
Hi, I’ve got a Meteor app with user accounts (let’s call it “A”) and I want another (Express) app (let’s call it “B”) to be able to “login with A” like you can “login with Facebook”.
Flow is:
User has an account on A and is connected. (He logs there via facebook or email + password)
User goes to B (other domain, not meteor, other database, other company but partner)
User clicks on “login via A”
User clicks on a popup window from A to authorize connection
User is connected to B (an account is created if none is present) and B can request A for profile information
This is possible, but a bit bloated. The package is designed for Meteor apps, that act as a standalone OAuth2 server to authenticate multiple clients. However feel free to try it out, it should be all covered in the documentation.
Now this would still even be possible without the package, because the OAuth2 workflow is already implemented in the accounts-oauth package, which is a co-dependency on accounts-password.
The only thing you need to do is to configure your ServiceConfiguration with the right clientId and secret and have them configured in the OAuth authentication request and provide the right parameters in the request.
Let me know if you get stuck anywhere.
P.S. I am currently writing a Meteor Microservices guide that will also cover authentication across multiple applications.
To the extent of the workflow that is required for a password-based login, yes. The accounts-oauth itself depends on the oauth package and it implements all the authentication related workflow: https://github.com/meteor/meteor/tree/devel/packages/oauth
I think to implement your workflow you basically need to know the auth url (which should be defined somewhere in one of these packages) and register your service as posted above.
Edit: I think there is a bit more, since you will have to register some HTTP route that returns the user credentials in exchange for the token you provide. Maybe this is also defined somewhere?
The package I provide provides OAuth2 features beyond this workflow, which is why it may be too much for your use case.
By the way - If you get it running, it may be a good use-case for a nice tutorial or article
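The "login via A" flow discussed in this thread, as an added example that is not part of any post and is not code from Meteor or from the package: a generic in-memory model of the authorization-code exchange, showing the checks A and B each need (exact redirect URI match, `state` comparison, single-use short-lived code, client secret at exchange, token-gated profile route). All function names, the client id `app-b`, the secret, URLs and user data are constructed for illustration.

```javascript
const { randomBytes, createHash, timingSafeEqual } = require('node:crypto');

// Constructed sample data: B is registered at A with one exact redirect URI.
const CLIENTS = new Map([['app-b', { secret: 'constructed-secret', redirectUri: 'https://b.example/callback' }]]);
const PROFILES = { u1: { id: 'u1', name: 'Alice' } };
const codes = new Map();   // authorization code -> { clientId, userId, expires }
const tokens = new Map();  // access token -> userId

const rand = () => randomBytes(24).toString('hex');
const digest = (s) => createHash('sha256').update(s).digest();
const sameSecret = (a, b) => timingSafeEqual(digest(a), digest(b)); // constant-time compare

// A: the user approved in the popup; issue a short-lived, single-use code.
function authorize(clientId, redirectUri, state, userId) {
  const client = CLIENTS.get(clientId);
  if (!client || client.redirectUri !== redirectUri) throw new Error('invalid_client_or_redirect');
  const code = rand();
  codes.set(code, { clientId, userId, expires: Date.now() + 60_000 });
  return `${redirectUri}?code=${code}&state=${encodeURIComponent(state)}`;
}

// A: B's backend exchanges the code for an access token (server to server).
function exchange(clientId, clientSecret, code) {
  const client = CLIENTS.get(clientId);
  const grant = codes.get(code);
  codes.delete(code); // single use, even when a check below fails
  if (!client || !sameSecret(client.secret, String(clientSecret))) throw new Error('invalid_client');
  if (!grant || grant.clientId !== clientId || grant.expires < Date.now()) throw new Error('invalid_grant');
  const accessToken = rand();
  tokens.set(accessToken, grant.userId);
  return accessToken;
}

// A: profile route; answers only for a token that A issued.
function profile(accessToken) {
  const userId = tokens.get(accessToken);
  if (!userId) throw new Error('invalid_token');
  return PROFILES[userId];
}

// B: callback handler; state must equal the value B stored in the user's session.
function handleCallback(callbackUrl, sessionState) {
  const params = new URL(callbackUrl).searchParams;
  if (params.get('state') !== sessionState) throw new Error('state_mismatch');
  const token = exchange('app-b', 'constructed-secret', params.get('code'));
  return profile(token); // B creates or looks up its local account from this
}
```
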