Oauth2

Source Code

oauth2 supports various oauth2 login flows. There are many pre-configured providers that you may use instead of directly using this scheme.

Usage

this.$auth.loginWith('social')

Options

auth: {
  strategies: {
    social: {
      _scheme: 'oauth2',
      authorization_endpoint: 'https://accounts.google.com/o/oauth2/auth',
      userinfo_endpoint: 'https://www.googleapis.com/oauth2/v3/userinfo',
      scope: ['openid', 'profile', 'email'],
      access_type: undefined,
      access_token_endpoint: undefined,
      response_type: 'token',
      token_type: 'Bearer',
      redirect_uri: undefined,
      client_id: 'SET_ME',
      token_key: 'access_token',
      state: 'UNIQUE_AND_NON_GUESSABLE'
    }
  }
}

`authorization_endpoint`

REQUIRED - Endpoint to start login flow. Depends on oauth service.

`userinfo_endpoint`

While not a part of oauth2 spec, almost all oauth2 providers expose this endpoint to get user profile.

If a false value is set, we only do login without fetching user profile.

`scope`

REQUIRED - Oauth2 access scopes.

`response_type`

By default is token. If you use code you may have to implement a server side logic to sign the response code.

`access_type`

If using Google code authorization flow (response_type: 'code') set to offline to ensure a refresh token is returned in the initial login request. (See Google documentation)

`access_token_endpoint`

If using Google code authorization flow (response_type: 'code') provide a URI for a service that accepts a POST request with JSON payload containing a code property, and returns tokens exchanged by provider for code. See source code

`token_type`

By default is Bearer. It will be used in Authorization header of axios requests.

`redirect_uri`

By default it will be inferred from redirect.callback option. (Defaults to /login)

Should be same as login page or relative path to welcome screen. (example)

`client_id`

REQUIRED - oauth2 client id.

`token_key`

By default is set to token_key: 'access_token'. If you need to use the IdToken instead of the AccessToken, set this option to token_key: 'id_token'.

`refresh_token_key`

By default is set to refresh_token_key: 'refresh_token'. It automatically store the refresh_token, if it exists.

`state`

By default is set to random generated string.

The primary reason for using the state parameter is to mitigate CSRF attacks. (read more)

← Local Auth0 →

# Oauth2

# Usage

# Options

# authorization_endpoint

# userinfo_endpoint

# scope

# response_type

# access_type

# access_token_endpoint

# token_type

# redirect_uri

# client_id

# token_key

# refresh_token_key

# state