node-oauth2-server

🚀 The successor to oauthjs/oauth2-server. 🔒 Complete, compliant, maintained and well tested OAuth2 Server for node.js. Includes native async await and PKCE.

Results 31 node-oauth2-server issues

Currently there is no distinction between confidential and public clients as it is needed by RFC6749. We should add an attribute "type" for the Client-Object. In the Authorization Grant Flow...

enhancement ✨
good first issue :white_check_mark:
low priority :turtle:

We should document that some conformity rules can only be implemented by the express/fastify/koa-etc. layer. Maybe we should collect the MUST rules for meeting the conformity requirements but are (currently?)...

documentation :bookmark_tabs:
compliance :scroll:

The UnauthorizedRequestError is not a standard error code. According to the reference in the comment https://datatracker.ietf.org/doc/html/rfc6750#section-3.1 there is no unauthorized_request error. UnauthorizedRequestError is used in the AuthenticateHandler for indicating that...

tests :test_tube:
compliance :scroll:

InvalidArgumentError or invalid_argument is not an oauth2-error. It is used by oauth2-server to indicate errors like that specific internal implementation is wrong. E.g. Request is missing header. Also the HttpStatusCode...

tests :test_tube:
compliance :scroll:

We should add tests to fully cover [section 10 - security considerations](https://datatracker.ietf.org/doc/html/rfc6749.html#section-10) and cover as much as possible that can be covered without going into implementation details.

security :exclamation:
tests :test_tube:

Bumps [sinon](https://github.com/sinonjs/sinon) from 17.0.2 to 18.0.0. Changelog Sourced from sinon's changelog. 18.0.0 This is what 17.0.2 should have been, as that contained two breaking changes. After updating Nise we are...

dependencies :electric_plug:
javascript

Token handler on PKCE flow is not verifying code_verifier and expecting client_secret. Providing client_secret will defeat PKCE flow. Please assist.

documentation :bookmark_tabs:
enhancement ✨
discussion :left_speech_bubble:
compliance :scroll:
investigating 🔍

Bumps [eslint](https://github.com/eslint/eslint) from 8.57.0 to 9.2.0. Release notes Sourced from eslint's releases. v9.2.0 Features 8485d76 feat: no-case-declarations add suggestions (#18388) (Josh Goldberg ✨) a498f35 feat: update Unicode letter detection in...

dependencies :electric_plug:
on hold :stop_sign:
javascript

Bumps [mocha](https://github.com/mochajs/mocha) from 10.7.0 to 10.7.3. Release notes Sourced from mocha's releases. v10.7.3 10.7.3 (2024-08-09) 🩹 Fixes make release-please build work (#5194) (afd66ef) v10.7.2 10.7.2 (2024-08-06) 📚 Documentation improve filtering...

dependencies :electric_plug:
javascript

## Summary I'm looking to implement client assertion support. At the moment I'm leaning to keeping as much of this in user-land code, but maybe we should have a way...