The goal is to get to know Node.js, MongoDB, Passport.js and OAuth2orize:
- Create a server using Express and Node 8 or later
- Use passport-local to support basic username/password authentication
- Create a page where a user can sign up
- Using the appropriate passport strategies, support social provider login via Google and GitHub
- Create a login page where the user can select their authentication method
- Implement support for the OAuth 2.0 Authorization Code grant using oauth2orize
- Add basic support for OIDC by way of the /userinfo API, supporting at least the openid, profile and email scopes. The endpoint must be authenticated via the tokens issued from the Authorization Code flow
- Show a consent page to the user
- Use FlowState
- If the user has a valid session, skip the login page
- If the user has previously granted consent, skip the consent dialog
- Support some of the OIDC request extension parameters using oauth2orize-openid
- Use MongoDB for all the data that needs to be persisted
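
One way to meet the /userinfo requirement, shown as an added example that is not part of the original task list: a framework-free handler core that checks the bearer token and returns only the claims unlocked by the granted scopes. The in-memory Maps stand in for MongoDB collections, and the token values, user record and function names are constructed for illustration.

```javascript
// Scope-to-claim mapping per OIDC Core section 5.4 (subset of the profile claims).
const SCOPE_CLAIMS = new Map([
  ['profile', ['name', 'given_name', 'family_name', 'preferred_username', 'picture', 'updated_at']],
  ['email', ['email', 'email_verified']],
]);

// Constructed sample data; in the project these would be MongoDB collections.
const FAR_FUTURE = 4102444800000; // 2100-01-01 UTC in ms
const users = new Map([['u1', {
  sub: 'u1', name: 'Ada Example', preferred_username: 'ada',
  email: 'ada@example.com', email_verified: true, passwordHash: 'never-returned',
}]]);
const tokens = new Map([
  ['tok-full', { userId: 'u1', scope: 'openid profile email', expiresAt: FAR_FUTURE }],
  ['tok-email', { userId: 'u1', scope: 'openid email', expiresAt: FAR_FUTURE }],
  ['tok-noid', { userId: 'u1', scope: 'profile', expiresAt: FAR_FUTURE }],
  ['tok-old', { userId: 'u1', scope: 'openid', expiresAt: 1 }],
]);

// RFC 6750 section 3: report the failure in the WWW-Authenticate header.
function bearerError(status, error) {
  return { status, headers: { 'WWW-Authenticate': `Bearer error="${error}"` }, body: null };
}

// Returns { status, headers, body } for a given Authorization header value.
function userinfo(authorizationHeader, now = Date.now()) {
  const match = /^Bearer +([A-Za-z0-9\-._~+\/]+=*)$/i.exec(authorizationHeader || '');
  if (!match) return { status: 401, headers: { 'WWW-Authenticate': 'Bearer' }, body: null };

  const token = tokens.get(match[1]);
  if (!token || token.expiresAt <= now) return bearerError(401, 'invalid_token');

  const granted = token.scope.split(' ');
  if (!granted.includes('openid')) return bearerError(403, 'insufficient_scope');

  const user = users.get(token.userId);
  if (!user) return bearerError(401, 'invalid_token');

  // sub is always returned; every other claim must be unlocked by a granted scope,
  // so fields such as passwordHash can never leak through this endpoint.
  const body = { sub: user.sub };
  for (const scope of granted) {
    for (const claim of SCOPE_CLAIMS.get(scope) || []) {
      if (user[claim] !== undefined) body[claim] = user[claim];
    }
  }
  return { status: 200, headers: { 'Content-Type': 'application/json' }, body };
}
```

In an Express route the same function would be called with req.headers.authorization and its result copied onto the response.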