This project demonstrates a complete OAuth 2.0 authentication flow using three main components: an Authorization Server, a Client Application, and a Resource Server.
It is designed to showcase secure user authentication, token management, and protected resource access using modern best practices like PKCE and consent screens. The Authorization Server handles user login and token issuance, the Client App initiates authentication and displays user dashboards, and the Resource Server provides protected APIs accessible only with valid tokens.
1. Install Dependencies
   - Navigate to each subfolder (`authorization-server`, `client-app`, `resource-server`) and run: `npm install`
2. Start Servers
   - In each subfolder, start the server: `npm start`
   - Or, if `npm start` is not defined, use: `node server.js`
3. Access the Client App
   - Open your browser and go to the client app's URL (usually `http://localhost:3000`, or as specified in `client-app/server.js`).
4. Test Authentication Flow
   - Use the client app to log in, grant consent, and access protected resources via the resource server.

Default ports:
- authorization-server: `3010`
- client-app: `3000`
- resource-server: `3002`
The project comes with two predefined users for testing:
| ID | Email | Password | Name |
|---|---|---|---|
| 1 | john@example.com | 123 | John Doe |
| 2 | jane@example.com | 234 | Jane Smith |
You can use these credentials to log in and test the authentication flow.
- authorization-server: Handles user authentication, consent, and token issuance.
- client-app: Initiates the OAuth flow, displays login and dashboard pages.
- resource-server: Provides protected APIs, validates access tokens.