loopback-component-oauth2
is used to setup a LoopBack application as an OAuth 2.0
server. It can be applied when people implement their LoopBack application as an
OAuth 2.0 provider. For example, the API gateway application.
As of now, LoopBack 4 focuses on redirecting to third-party OAuth2 providers
like Google or
Facebook for
authentication and authorization, instead of turning itself into an OAuth 2.0
provider. And given the complexity of
loopback-component-oauth2,
we decide to defer the migration guide for it.
We have a simplified OAuth 2.0 server implementation in extension authentication-passport’s test fixtures, which sets up an Express application as an OAuth 2.0 provider. You can find the code in file mock-oauth2-provider. At this moment people who are interested to create such a provider can use it as a reference.