The unofficial successor to oauthjs/oauth2-server. Complete, compliant, maintained and well tested OAuth2 Server for node.js. Includes native async await and PKCE.




Complete, compliant and well tested module for implementing an OAuth2 server in Node.js.


npm install @node-oauth/oauth2-server

The @node-oauth/oauth2-server module is framework-agnostic but there are several officially supported wrappers available for popular HTTP server frameworks such as Express and Koa (not maintained by us). If you're using one of those frameworks it is strongly recommended to use the respective wrapper module instead of rolling your own.


  • Supports authorization_code, client_credentials, refresh_token and password grant, as well as extension grants, with scopes.
  • Can be used with promises, Node-style callbacks, ES6 generators and async/await (using Babel).
  • Fully RFC 6749 and RFC 6750 compliant.
  • Implicitly supports any form of storage, e.g. PostgreSQL, MySQL, MongoDB, Redis, etc.
  • Support for PKCE
  • Complete test suite.


Documentation is hosted on Read the Docs. Please leave an issue if something is confusing or missing in the docs.


Most users should refer to our Express (active) or Koa (not maintained by us) examples. More examples can be found here.

Migrating from OAuthJs and 3.x

Version 4.x should not be hard-breaking, however, there were many improvements and fixes that may be incompatible with specific behavior in <= 3.x. For more info, please read the changelog or open an issue if you think something is unexpectedly not working.

Supported NodeJs versions

This project supports the node versions along the NodeJS LTS releases, focusing on Maintenance LTS, Active LTS, and Current.

Contributing to this project

Please read our contribution guide before taking actions. In any case, please open an issue before opening a pull request to find out whether your intended contribution will actually have a chance to be merged.

Company Screenshot