Comment by Joel Jensen on "REST-Interface with OAuth and NodeJS"

I find your question a little bit hard to understand. Here is my understanding :

You have an app which has two types of authentication - Oauth and Local (username/password).
You want regular users to authenticate via username/password and other apps via Oauth.

If this is correct, I would suggest you to proceed in the following way :

Have different REST APIs for different purposes. Don't mix up the APIs meant for your normal users with those used by external apps. If some logic should be reused, put it in a module and just require it from different route handlers.
Protect the APIs meant for external apps with Oauth strategy.
Protect the APIs meant for regular users with a different authentication mechanism e.g. passport-local.

Let us know if this solves your problem or you meant something different.

Search Hashnode