Oauth2


Last updated 5 years ago

oauth2 supports various oauth2 login flows. There are many pre-configured providers, like auth0, that you may use instead of using this scheme directly.

Usage

this.$auth.loginWith('social')

Options

auth: {
  strategies: {
    social: {
      _scheme: 'oauth2',
      authorization_endpoint: 'https://accounts.google.com/o/oauth2/auth',
      userinfo_endpoint: 'https://www.googleapis.com/oauth2/v3/userinfo',
      scope: ['openid', 'profile', 'email'],
      access_type: undefined,
      access_token_endpoint: undefined,
      response_type: 'token',
      token_type: 'Bearer',
      redirect_uri: undefined,
      client_id: 'SET_ME',
      token_key: 'access_token',
      state: 'UNIQUE_AND_NON_GUESSABLE'
    }
  }
}

authorization_endpoint

REQUIRED - Endpoint that starts the login flow. Depends on the oauth service.

userinfo_endpoint

While not part of the oauth2 spec, almost all oauth2 providers expose this endpoint to fetch the user profile.

If set to false, only the login is performed and the user profile is not fetched.

scope

REQUIRED - Oauth2 access scopes.

response_type

By default is token. If you use code, you may have to implement server-side logic that exchanges the returned authorization code for tokens.

access_type

If using the Google code authorization flow (response_type: 'code'), set to offline to ensure a refresh token is returned in the initial login request. (See the Google documentation.)

access_token_endpoint

If using the Google code authorization flow (response_type: 'code'), provide the URI of a service that accepts a POST request with a JSON payload containing a code property and returns the tokens the provider exchanges for that code. See the source code example.

token_type

By default is Bearer. It will be used in the Authorization header of axios requests.

redirect_uri

Should be the same as the login page, or a relative path to the welcome screen.

By default it will be inferred from the redirect.callback option (defaults to /login).

client_id

REQUIRED - oauth2 client id.

token_key

By default set to token_key: 'access_token'. If you need to use the IdToken instead of the AccessToken, set this option to token_key: 'id_token'.

refresh_token_key

By default set to refresh_token_key: 'refresh_token'. The refresh_token is stored automatically if it exists.

state

By default set to a randomly generated string.

The primary reason for using the state parameter is to mitigate CSRF attacks.