diff --git a/lib/models/oauth2.js b/lib/models/oauth2.js new file mode 100644 index 00000000..ba82a6e3 --- /dev/null +++ b/lib/models/oauth2.js @@ -0,0 +1,222 @@ +var loopback = require('../loopback'); + +// "OAuth token" +var OAuthToken = loopback.createModel({ + // "access token" + accessToken: { + type: String, + index: { + unique: true + } + }, // key, The string token + clientId: { + type: String, + index: true + }, // The client id + resourceOwner: { + type: String, + index: true + }, // The resource owner (user) id + realm: { + type: String, + index: true + }, // The resource owner realm + issuedAt: { + type: Date, + index: true + }, // The timestamp when the token is issued + expiresIn: Number, // Expiration time in seconds + expiredAt: { + type: Date, + index: { + expires: "1d" + } + }, // The timestamp when the token is expired + scopes: [ String ], // oAuth scopes + parameters: [ + { + name: String, + value: String + } + ], + + authorizationCode: { + type: String, + index: true + }, // The corresponding authorization code that is used to request the + // access token + refreshToken: { + type: String, + index: true + }, // The corresponding refresh token if issued + + tokenType: { + type: String, + enum: [ "Bearer", "MAC" ] + }, // The token type, such as Bearer: + // http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-16 + // or MAC: http://tools.ietf.org/html/draft-hammer-oauth-v2-mac-token-05 + authenticationScheme: String, // HTTP authenticationScheme + hash: String // The SHA-1 hash for +// client-secret/resource-owner-secret-key +}); + +// "OAuth authorization code" +var OAuthAuthorizationCode = loopback.createModel({ + code: { + type: String, + index: { + unique: true + } + }, // key // The string code + clientId: { + type: String, + index: true + }, // The client id + resourceOwner: { + type: String, + index: true + }, // The resource owner (user) id + realm: { + type: String, + index: true + }, // The resource owner realm + + issuedAt: { + type: Date, + index: true + }, // The timestamp when the token is issued + expiresIn: Number, // Expiration time in seconds + expiredAt: { + type: Date, + index: { + expires: "1d" + } + }, // The timestamp when the token is expired + + scopes: [ String ], // oAuth scopes + parameters: [ + { + name: String, + value: String + } + ], + + used: Boolean, // Is it ever used + redirectURI: String, // The redirectURI from the request, we need to + // check if it's identical to the one used for + // access token + hash: String // The SHA-1 hash for +// client-secret/resource-owner-secret-key +}); + +// "OAuth client registration record" +var ClientRegistration = loopback.createModel({ + id: { + type: String, + index: { + unique: true + } + }, + clientId: { + type: String, + index: { + unique: true + } + }, // key; // The client id + clientSecret: String, // The generated client secret + + defaultTokenType: String, + accessLevel: Number, // The access level to scopes, -1: disabled, 0: + // basic, 1..N + disabled: Boolean, + + name: { + type: String, + index: true + }, + email: String, + description: String, + url: String, + iconURL: String, + redirectURIs: [ String ], + type: { + type: String, + enum: [ "CONFIDENTIAL", "PUBLIC" ] + }, + + userId: { + type: String, + index: true + } // The registered developer + +}); + +// "OAuth permission" +var OAuthPermission = loopback.createModel({ + clientId: { + type: String, + index: true + }, // The client id + resourceOwner: { + type: String, + index: true + }, // The resource owner (user) id + realm: { + type: String, + index: true + }, // The resource owner realm + + issuedAt: { + type: Date, + index: true + }, // The timestamp when the permission is issued + expiresIn: Number, // Expiration time in seconds + expiredAt: { + type: Date, + index: { + expires: "1d" + } + }, // The timestamp when the permission is expired + + scopes: [ String ] +}); + +// "OAuth scope" +var OAuthScope = loopback.createModel({ + scope: { + type: String, + index: { + unique: true + } + }, // key; // The scope name + description: String, // Description of the scope + iconURL: String, // The icon to be displayed on the "Request Permission" + // dialog + expiresIn: Number, // The default maximum lifetime of access token that + // carries the scope + requiredAccessLevel: Number, // The minimum access level required + resourceOwnerAuthorizationRequired: Boolean +// The scope requires authorization from the resource owner +}); + +// "OAuth protected resource" +var OAuthResource = loopback.createModel({ + operations: [ + { + type: String, + enum: [ "ALL", "GET", "POST", "PUT", "DELETE", "HEAD", "OPTIONS", "PATCH" ] + } + ], // A list of operations, by default ALL + path: String, // The resource URI path + scopes: [ String ] +// Allowd scopes +}); + +// Use the schema to register a model +exports.OAuthToken = OAuthToken; +exports.OAuthAuthorizationCode = OAuthAuthorizationCode; +exports.ClientRegistration = ClientRegistration; +exports.OAuthPermission = OAuthPermission; +exports.OAuthScope = OAuthScope; +exports.OAuthResource = OAuthResource;