This app illustrates how to build an OAuth 2.0 server using Express, OAuth2orize, and Passport. Use this example as a starting point for your own authorization server.

Quick Start

To run this app, clone the repository and install dependencies:

$ git clone
$ cd todosas-bearer-jwt
$ npm install

Then start the server.

$ npm start


This example illustrates how to build an OAuth 2.0 authorization server that supports clients using the web-based authorization code and implicit grants. The access tokens issued to clients are bearer tokens, the contents of which are encoded in JSON Web Token (JWT) format and compliant with RFC 9068.

This app implements sign in and consent functionality. User interaction is performed via HTML pages and forms, which are rendered via EJS templates and styled with vanilla CSS. Data is stored in a SQLite database.

This app exposes OAuth 2.0 endpoints, allowing it to manage access to other apps and APIs that rely on this server. This provides the ability to offer single sign-on (SSO) to a suite of apps and control third-party access to protected APIs.
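An API that relies on this server has to validate the RFC 9068 access tokens it receives. The following is an added example, not code from this repository, of the resource-server checks the RFC requires: the `at+jwt` type header, a pinned signature algorithm, the required claims, issuer, audience and expiry. The issuer and audience URLs, the key pair, the claim values and the helper names (`issueToken`, `validateAccessToken`, `check`) are constructed for illustration.

```javascript
// Added example (not from the repository): resource-server checks for an RFC 9068 token.
const { generateKeyPairSync, sign, verify } = require('node:crypto');

const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const dec = (seg) => JSON.parse(Buffer.from(seg, 'base64url').toString('utf8'));

// Constructed issuer-side helper so the example runs offline (RS256 signature).
function issueToken(privateKey, header, claims) {
  const input = `${enc(header)}.${enc(claims)}`;
  return `${input}.${sign('RSA-SHA256', Buffer.from(input), privateKey).toString('base64url')}`;
}

// Returns the claims when every check passes; throws an Error otherwise.
function validateAccessToken(token, { publicKey, issuer, audience, now = Date.now() / 1000 }) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = dec(h);
  // typ must mark the JWT as an access token, so an ID token cannot be replayed as one.
  const typ = String(header.typ || '').toLowerCase();
  if (typ !== 'at+jwt' && typ !== 'application/at+jwt') throw new Error('wrong typ');
  // Pin the algorithm; the token header never selects how it is verified.
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  if (!verify('RSA-SHA256', Buffer.from(`${h}.${p}`), publicKey, Buffer.from(s, 'base64url'))) {
    throw new Error('bad signature');
  }
  const claims = dec(p);
  for (const name of ['iss', 'exp', 'aud', 'sub', 'client_id', 'iat', 'jti']) {
    if (claims[name] === undefined) throw new Error(`missing claim ${name}`);
  }
  if (claims.iss !== issuer) throw new Error('wrong iss');
  if (![].concat(claims.aud).includes(audience)) throw new Error('wrong aud');
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  return claims;
}

// Constructed sample key, issuer, audience and claims (placeholders, not the app's values).
const keys = generateKeyPairSync('rsa', { modulusLength: 2048 });
const opts = { publicKey: keys.publicKey, issuer: 'https://as.example', audience: 'https://api.example' };
const iat = Math.floor(Date.now() / 1000);
const sampleClaims = { iss: opts.issuer, sub: 'user-1', aud: opts.audience, client_id: 'client-1',
  iat, exp: iat + 300, jti: 'constructed-jti-1', scope: 'read' };

// Issue a token from the given header and claims, then report the validator's verdict.
function check(header, claims) {
  const token = issueToken(keys.privateKey, header, claims);
  try { validateAccessToken(token, opts); return 'ok'; } catch (err) { return err.message; }
}
console.log(check({ alg: 'RS256', typ: 'at+jwt' }, sampleClaims), check({ alg: 'RS256', typ: 'JWT' }, sampleClaims));
```

A production resource server would fetch the verification key from the authorization server's published key set instead of generating one locally.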


The Unlicense


Created by Jared Hanson

