In short - it doesn't assume that you want to use oauth for user authentication and authorization.
Maybe you just want users to add their dropbox or box account to an existing account. Maybe you need to make a one-time call to a service in their name.
Passport and everyauth simply assume too much: that you will need an authentication strategy, that the strategy will have a getter function for the user, that you actually have users...
oauth-flow just implements the authorization flow: redirects the user to the oauth provider (facebook, twitter, etc), then when the user returns, they return at the same URL and the next middleware is called with req.oauth containing all oauth data such as tokens.
Then you can do whatever you want with those - make an API call, authorize the user using their external ID, register a new user...
Its a smaller, more focused module, better aligned with the principle of doing one thing only and doing it well. And it doesn't require adding any global middleware inside the app.configure block such as in passport.
Maybe you just want users to add their dropbox or box account to an existing account. Maybe you need to make a one-time call to a service in their name.
Passport and everyauth simply assume too much: that you will need an authentication strategy, that the strategy will have a getter function for the user, that you actually have users...
oauth-flow just implements the authorization flow: redirects the user to the oauth provider (facebook, twitter, etc), then when the user returns, they return at the same URL and the next middleware is called with req.oauth containing all oauth data such as tokens.
Then you can do whatever you want with those - make an API call, authorize the user using their external ID, register a new user...
Its a smaller, more focused module, better aligned with the principle of doing one thing only and doing it well. And it doesn't require adding any global middleware inside the app.configure block such as in passport.