Question: what this does and what this doesn't
Hello, I'm considering using this to provide an OAuth server using an /etc/shadow file as backend for the user directory, and in_memory or json file to persist tokens. If I understand correctly, I should start from your express example. I pretty much see how I should write my model class with my custom getUser function to parse /etc/shadow file and check the username/password.
If I'm also correct, I see no frontend and therefore no session settings either on this or on the express. Meaning I would have to make my own login page asking for login/password, handle cookies and sessions myself if I want to avoid asking for the username/password each time, ...
To be clear, I'm not yet interested in managing clients (SP), so for now I can write a model that simply allows any redirect_url for any client_id and client_secret... But if I were interested, I'd also have to make my own web UI to manage these, allowing to create/delete/edit these and persist them however I choose to.
I now understand that this is probably meant to be an oauth server between microservices that call each other and probably not facing the end-users... Will be looking for a more "all-in-one" solution a bit further but for now this is my best bet on how to use my local unix users/passwords and re-use them with all the webapps I instantiate that are OAuth2 capable...