3

I have set up OAuth as per the docs and this link https://strongloop.com/strongblog/node-js-loopback-api-gateway-sample-applications/.

There are a few issues in understanding the usage of the code base and flow based on the options of loopback-component-oauth2. Is there a tutorial that covers each section or a working implementation for Implict, AuthorizationCode, Refresh token, JWT.

I have been able to secure API (eg: /api/Notes) as per docs and it does seem to be blocking requests but is not allowing me to authenticate. More, when I make a request to /oauth/token this API is also throwing Unauthorized 401 errors - both from REST Client like postman and https://loopbacklocalhost/explorer.

I am using loopback 3.0. I am having tough time with the component not documented completely nor having a doc aligned example code. May be I am missing something here.

I have seen this hub repo as well and seems they use passport directly and is documented very less making it difficult to integrate things easily. https://github.com/strongloop/microgateway

Note: I have gone through the following question, the archive repo tests. How to setup OAuth 2.0 server using loopback

Any help is welcome.

Gary
  • 2,293
  • 2
  • 25
  • 47
  • Any help is welcome – Gary Mar 18 '18 at 13:37
  • Are you using this demo https://github.com/strongloop-archive/strong-gateway? Also, if you made any modifications, would you please create a repo for us to look into? – Harry Adel Dec 11 '18 at 16:53
  • Ah no rewriting my project with sails /plain express. Also considering Koa. I don't intend to use loopback anymore. Thanks for taking the time to check on an long time unanswered question. :-) – Gary Dec 12 '18 at 17:09
  • 1
    I guess I was too late, anyway I wish you success in your endeavor. :) – Harry Adel Dec 13 '18 at 11:21
  • 1
    I was able to make it works using this documentation, https://www.npmjs.com/package/loopback-component-oauth2-server but you also need a good understanding on how OAuth2 works too. – Julien d'Adhemar Jun 25 '19 at 17:38
  • True, I was able to get jwt and basic work. I think that what you said could have been the problem. However, I am unsure if authorizationCode and refreshToken are correct. Even though I understood the flow there seemed to be some issue. Is there any help in the sample code? The issue is loopback creates rest API automatically. I found a sample code for express, oauth-express, and waterline could figure out the flow. Both loopback, datasource joeler and microgateway seemed too much code with less documentation. Thank you for your time. Wish you had noticed this before. :-) – Gary Jun 27 '19 at 03:01

0 Answers0