The @harperfast/oauth plugin provides OAuth 2.0 and OpenID Connect (OIDC) authentication for Harper applications.
npm install @harperfast/oauthAdd the plugin to your Harper application's config.yaml:
'@harperfast/oauth':
package: '@harperfast/oauth'
providers:
github:
clientId: ${OAUTH_GITHUB_CLIENT_ID}
clientSecret: ${OAUTH_GITHUB_CLIENT_SECRET}For local development, export variables in your terminal session:
export OAUTH_GITHUB_CLIENT_ID="your_github_client_id"
export OAUTH_GITHUB_CLIENT_SECRET="your_github_client_secret"Note: These
exportcommands are for local development only. You can also use a.envfile withdotenv-clifor local dev — just don't commit it to source control.For Harper Fabric deployments, your app-root
.envis deployed alongside your component, so the same.envyou use locally works in production — see the Harper Fabric documentation for managing runtime environment variables.
If you need to provision users or customize the authentication flow, register hooks in your resources.js:
import { registerHooks } from '@harperfast/oauth';
registerHooks({
onLogin: async (oauthUser, tokenResponse, session, request, provider) => {
// Find or create user
let user;
for await (const u of tables.User.search([{ attribute: 'email', value: oauthUser.email }])) {
user = u;
break;
}
if (!user) {
user = await tables.User.create({ email: oauthUser.email, name: oauthUser.name });
}
return { user: String(user.id) };
},
});See Lifecycle Hooks for complete details.
npm startNavigate to:
http://localhost:9926/oauth/github/login
The OAuth plugin includes built-in templates for:
- GitHub - OAuth 2.0
- Google - OIDC
- Azure AD - OIDC
- Auth0 - OIDC
- Okta - OIDC
- Custom - Generic OIDC provider
Important: Built-in providers are templates only. None are active until you configure them with
clientId,clientSecret, and other required settings. The presence of provider code does not enable authentication or create security exposure.