daptin/daptin-oauth-provider-demo

Daptin OAuth Provider Demo

Node.js 18+ | OAuth 2.0 | OpenID Connect | Docker Compose | No dependencies

A Docker-first local demo for testing Daptin as an OAuth 2.0 / OpenID Connect provider.

It includes two browser flows against a local Daptin instance:

  • Daptin as an OAuth 2.0 / OpenID Connect provider for a normal external app.
  • Daptin as an OAuth client of itself through oauth_connect, using the same provider endpoints.

What This Demonstrates

  • OAuth authorization code flow with PKCE (S256).
  • Confidential client token exchange with client authentication.
  • OpenID Connect-style discovery, JWKS, and UserInfo calls.
  • Daptin client registration through POST /action/oauth_app/register_client.
  • Daptin consuming its own provider through oauth_connect and oauth.login.response.

Repository Shape

.
├── compose.yaml
├── Dockerfile
├── README.md
├── package.json
├── server.js
└── scripts
    └── setup.js

compose.yaml starts Daptin from the official Docker image and runs the demo app. scripts/setup.js prepares the Daptin instance by registering the provider client and creating the matching oauth_connect configuration.

Prerequisites

  • Docker Compose.
  • A Daptin Docker image tag that includes OAuth provider support.
  • A browser session signed in to that Daptin instance. The /oauth/authorize endpoint is browser-facing and authorizes the currently signed-in Daptin user.

Quick Start

docker compose up --build

Open:

  • Daptin: http://localhost:6336
  • Demo app: http://localhost:7777

Sign in to Daptin first, then use the demo app.

By default, compose.yaml uses the Daptin image with OAuth provider support:

daptin/daptin:v0.11.6

If OAuth provider support is published under a newer tag, run:

DAPTIN_IMAGE=daptin/daptin:<tag-with-oauth-provider> docker compose up --build

There is no daptin/daptin:latest manifest, so the image tag must be explicit.

The setup script registers:

  • An internal provider app through POST /action/oauth_app/register_client.
  • A Daptin OAuth consumer through the normal oauth_connect entity API.

The generated client secret and reference IDs are written inside the demo container at .env.local.

Local Node Mode

If Daptin is already running on the host:

cp .env.example .env.local
npm run setup
npm start

Open http://localhost:7777.

Demo Flows

Plain OAuth Client

Use Plain OAuth client login in the demo UI. This behaves like a third-party app:

  1. The demo redirects the browser to GET /oauth/authorize.
  2. Daptin returns an authorization code to /plain-client/callback.
  3. The demo exchanges the code at POST /oauth/token with PKCE and client authentication.
  4. The demo calls GET /oauth/userinfo.
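
The client side of steps 1 to 3, as an added example that is not the repository's server.js: it generates the state and PKCE verifier, derives the S256 challenge, rejects a callback whose state does not match the stored value, and builds the token request. Assumptions: the parameter names are the standard RFC 6749 / RFC 7636 ones, client authentication is HTTP Basic, the scope is openid, and the cfg field names are hypothetical.

```javascript
// Added example (not from the repository): authorization code + PKCE S256, client side.
const crypto = require('node:crypto');

const b64url = (buf) => buf.toString('base64url');

// Step 1: create state and PKCE verifier, then derive the S256 challenge (RFC 7636).
function beginLogin(cfg) {
  const state = b64url(crypto.randomBytes(16));
  const verifier = b64url(crypto.randomBytes(32)); // 43 chars, inside the 43..128 range
  const challenge = b64url(crypto.createHash('sha256').update(verifier).digest());
  const url = new URL('/oauth/authorize', cfg.browserUrl);
  url.search = new URLSearchParams({
    response_type: 'code',
    client_id: cfg.clientId,
    redirect_uri: cfg.redirectUri,
    scope: 'openid', // assumed scope
    state,
    code_challenge: challenge,
    code_challenge_method: 'S256',
  }).toString();
  // state and verifier stay with the client (HTTP-only cookies); only the challenge is sent.
  return { url: url.toString(), cookies: { state, verifier } };
}

// Steps 2-3: verify the callback state, then build the POST /oauth/token request.
function buildTokenRequest(cfg, cookies, callbackQuery) {
  const got = Buffer.from(String(callbackQuery.state || ''));
  const want = Buffer.from(String(cookies.state || ''));
  if (want.length === 0 || got.length !== want.length || !crypto.timingSafeEqual(got, want)) {
    throw new Error('state mismatch: callback does not belong to this browser session');
  }
  if (!callbackQuery.code) throw new Error('missing authorization code');
  // Assumed client_secret_basic: form-encode id and secret before base64 (RFC 6749 2.3.1).
  const pair = `${encodeURIComponent(cfg.clientId)}:${encodeURIComponent(cfg.clientSecret)}`;
  return {
    url: new URL('/oauth/token', cfg.apiUrl).toString(),
    method: 'POST',
    headers: {
      'content-type': 'application/x-www-form-urlencoded',
      authorization: `Basic ${Buffer.from(pair).toString('base64')}`,
    },
    body: new URLSearchParams({
      grant_type: 'authorization_code',
      code: callbackQuery.code,
      redirect_uri: cfg.redirectUri,
      code_verifier: cookies.verifier,
    }).toString(),
  };
}
```

The object returned by buildTokenRequest can be passed to fetch as fetch(req.url, req); the verifier is sent only in that back-channel request, never in the browser redirect.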

Daptin Consuming Its Own OAuth Provider

Use Daptin oauth_connect self-login in the demo UI. This exercises Daptin's existing OAuth client path:

  1. The demo calls POST /action/oauth_connect/oauth_login_begin.
  2. Daptin returns a provider authorization URL and state.
  3. The browser authorizes against Daptin's provider endpoint.
  4. The callback calls POST /action/oauth_token/oauth.login.response.
  5. Daptin exchanges the code, fetches profile data, and stores the token through its normal OAuth consumer implementation.

Configuration

Common values in .env.local:

DAPTIN_BASE_URL=http://localhost:6336
DAPTIN_BROWSER_URL=http://localhost:6336
DAPTIN_API_URL=http://localhost:6336
DAPTIN_INTERNAL_URL=http://localhost:6336
DEMO_BASE_URL=http://localhost:7777
AUTHENTICATOR_NAME=daptin-self-abc123
OAUTH_CLIENT_ID=dapc_...
OAUTH_CLIENT_SECRET=daps_...
OAUTH_CONNECT_REFERENCE_ID=...

AUTHENTICATOR_NAME is generated by default so repeated setup runs do not collide with an existing oauth_connect name.

In Docker Compose, these are split deliberately:

  • DAPTIN_BROWSER_URL: browser-facing redirects, usually http://localhost:6336.
  • DAPTIN_API_URL: calls from the demo container to Daptin, usually http://daptin:8080.
  • DAPTIN_INTERNAL_URL: calls from the Daptin container to itself during oauth_connect token/profile exchange, usually http://daptin:8080.

Security Notes

  • The demo stores OAuth state and PKCE verifier in HTTP-only cookies for local testing.
  • Client secrets are written to .env.local; do not commit that file.
  • Local http://localhost redirect URIs are used for development only. Production OAuth clients should use HTTPS redirect URIs.
  • This is a demo app, not a production session manager.

Useful Endpoints

  • Provider discovery: GET /.well-known/openid-configuration
  • Authorization: GET /oauth/authorize
  • Token: POST /oauth/token
  • UserInfo: GET /oauth/userinfo
  • Introspection: POST /oauth/introspect
  • Revocation: POST /oauth/revoke
  • JWKS: GET /.well-known/jwks.json
  • Provider client registration action: POST /action/oauth_app/register_client
  • Daptin OAuth consumer begin action: POST /action/oauth_connect/oauth_login_begin
  • Daptin OAuth consumer response action: POST /action/oauth_token/oauth.login.response
