Sign Up for Free

RunKit +

Try any Node.js package right in your browser

This is a playground to test code. It runs a full Node.js environment and already has all of npm’s 1,000,000+ packages pre-installed, including feathers-authentication-oauth2 with all npm packages installed. Try it out:

var feathersAuthenticationOauth2 = require("feathers-authentication-oauth2")

This service is provided by RunKit and is not affiliated with npm, Inc or the package authors.

feathers-authentication-oauth2 v0.3.2

An OAuth2 authentication strategy for feathers-authentication using Passport


Greenkeeper badge

Build Status Code Climate Test Coverage Dependency Status Download Status

An OAuth2 authentication strategy for feathers-authentication using Passport


npm install feathers-authentication-oauth2 --save

Note: This is only compatibile with feathers-authentication@1.x and above.


Supported Strategies

and many many more. Any Passport OAuth2 strategy will work.


This module contains 2 core pieces:

  1. The main entry function
  2. The Verifier class

Main Initialization

In most cases initializing the feathers-authentication-oauth2 module is as simple as doing this:

const FacebookStrategy = require('passport-facebook').Strategy;
  name: 'facebook',
  Strategy: FacebookStrategy,
  clientID: '<your client id>',
  clientSecret: '<your client secret>',
  scope: ['public_profile', 'email']

This will pull from your global auth object in your config file. It will also mix in the following defaults, which can be customized.

Default Options

    idField: '<provider>Id', // The field to look up the entity by when logging in with the provider. Defaults to '<provider>Id' (ie. 'facebookId').
    path: '/auth/<provider>', // The route to register the middleware
    callbackPath: '/auth/<provider>/callback', // The route to register the callback handler
    callbackURL: 'http(s)://hostname[:port]/auth/<provider>/callback', // The callback url. Will automatically take into account your host and port and whether you are in production based on your app environment to construct the url. (ie. in development http://localhost:3030/auth/facebook/callback)
    successRedirect: undefined,
    failureRedirect: undefined,
    entity: 'user', // the entity that you are looking up
    service: 'users', // the service to look up the entity
    passReqToCallback: true, // whether the request object should be passed to `verify`
    session: false // whether to use sessions,
    handler: function, // Express middleware for handling the oauth callback. Defaults to the built in middleware.
    formatter: function, // The response formatter. Defaults the the built in feathers-rest formatter, which returns JSON.
    Verifier: Verifier // A Verifier class. Defaults to the built-in one but can be a custom one. See below for details.

Additional passport strategy options can be provided based on the OAuth2 strategy you are configuring.


This is the verification class that handles the OAuth2 verification by looking up the entity (normally a user) on a given service and either creates or updates the entity and returns them. It has the following methods that can all be overridden. All methods return a promise except verify, which has the exact same signature as passport-oauth2.

    constructor(app, options) // the class constructor
    _updateEntity(entity) // updates an existing entity
    _createEntity(entity) // creates an entity if they didn't exist already
    _normalizeResult(result) // normalizes result from service to account for pagination
    verify(req, accessToken, refreshToken, profile, done) // queries the service and calls the other internal functions.

Customizing the Verifier

The Verifier class can be extended so that you customize it's behavior without having to rewrite and test a totally custom local Passport implementation. Although that is always an option if you don't want use this plugin.

An example of customizing the Verifier:

import oauth2, { Verifier } from 'feathers-authentication-oauth2';

class CustomVerifier extends Verifier {
  // The verify function has the exact same inputs and
  // return values as a vanilla passport strategy
  verify(req, accessToken, refreshToken, profile, done) {
    // do your custom stuff. You can call internal Verifier methods
    // and reference and this.options. This method must be implemented.
    // the 'user' variable can be any truthy value
    done(null, user);

  name: 'facebook',
  Strategy: FacebookStrategy,
  clientID: '<your client id>',
  clientSecret: '<your client secret>',
  scope: ['public_profile', 'email'],
  Verifier: CustomVerifier

Customizing The OAuth Response

Whenever you authenticate with an OAuth2 provider such as Facebook, the provider sends back an accessToken, refreshToken, and a profile that contains the authenticated entity's information based on the OAuth2 scopes you have requested and been granted.

By default the Verifier takes everything returned by the provider and attaches it to the entity (ie. the user object) under the provider name. You will likely want to customize the data that is returned. This can be done by adding a before hook to both the update and create service methods on your entity's service.

  name: 'github',
  entity: 'user',
  service: 'users',
  clientID: 'your client id',
  clientSecret: 'your client secret'

function customizeGithubProfile() {
  return function(hook) {
    console.log('Customizing Github Profile');
    // If there is a github field they signed up or
    // signed in with github so let's pull the primary account email.
    if ( { = => email.primary).value;

    // If you want to do something whenever any OAuth
    // provider authentication occurs you can do this.
    if (hook.params.oauth) {
      // do something for all OAuth providers

    if (hook.params.oauth.provider === 'github') {
      // do something specific to the github provider

    return Promise.resolve(hook);

  before: {
    create: [customizeGithubProfile()],
    update: [customizeGithubProfile()]

Complete Example

Here's a basic example of a Feathers server that uses feathers-authentication-oauth2. You can see a fully working example in the example/ directory.

const feathers = require('feathers');
const rest = require('feathers-rest');
const hooks = require('feathers-hooks');
const memory = require('feathers-memory');
const bodyParser = require('body-parser');
const GithubStrategy = require('passport-github').Strategy;
const errorHandler = require('feathers-errors/handler');
const auth = require('feathers-authentication');
const oauth2 = require('feathers-authentication-oauth2');

// Initialize the application
const app = feathers()
  // Needed for parsing bodies (login)
  .use(bodyParser.urlencoded({ extended: true }))
  // Configure feathers-authentication
  .configure(auth({ secret: 'super secret' }))
    name: 'github',
    Strategy: GithubStrategy,
    clientID: '<your client id>',
    clientSecret: '<your client secret>',
    scope: ['user']
  .use('/users', memory())


console.log('Feathers app started on');


Copyright (c) 2016

Licensed under the MIT license.

RunKit is a free, in-browser JavaScript dev environment for prototyping Node.js code, with every npm package installed. Sign up to share your code.
Sign Up for Free