I'm actually studying REST API security, and it seems that many people are using the OAuth2 and OpenID protocols to manage authentication.
I have tried to implement two OAuth2 servers using:
http://passportjs.org/ for the client side and https://github.com/jaredhanson/oauth2orize for the server side
For the first solution, running the examples works correctly, but I need to make something stateless (and in the example the author uses sessions...)
Can you help me create the simplest OAuth2 server possible or, failing that, explain to me how these libraries work as a whole?
Thanks in advance
I would rather use grant for OAuth; it is an authentication middleware for Express, much like passport is, but it's far simpler to use, and all of the providers are contained inside the module itself as a JSON configuration, as opposed to requiring a separate third-party module for each one.
Also note that there is a live demo of all currently supported providers. There is a demo that can be found inside the repository under the example folder, so you can play around with it.