node-oauth2-server icon indicating copy to clipboard operation
node-oauth2-server copied to clipboard

Published 20 hours ago verified publisher icon oauthjs

User's IP in saveToken and generateAccessToken

Open sm2017 opened this issue 7 years ago • 14 comments

How can I access to User's IP in saveToken and generateAccessToken ?

sm2017 avatar Oct 28 '18 11:10 sm2017

@thomasdashney , @mjsalinger Context must be passed as an argument to methods

sm2017 avatar Oct 30 '18 14:10 sm2017

After 6 days , No response 😢

sm2017 avatar Nov 03 '18 08:11 sm2017

I did it with scope parameter ( it passed to generateAccessToken ) Agree that scope have different thing but for now there is only one way to pass additional parameters to be added to token claims

pereslava avatar Nov 07 '18 10:11 pereslava

@Doom100500 thanks, good idea for temporary solution Still I believe that context must be passed to all methods

sm2017 avatar Nov 07 '18 10:11 sm2017

@sm2017 , I'm sorry to tell that scope request parameter not passed to generateAccessToken on refresh_token grant type. For this case, i think saving the ip for token in DB can be workaround...

pereslava avatar Nov 07 '18 17:11 pereslava

@Doom100500 thank you

@oauthjs Why no author/contributor of this reposit responses this issue Someone must assign issues

sm2017 avatar Nov 07 '18 19:11 sm2017

Nooo way, it just not working with the current flow. To get additional claims to be embedded to the generated access token is just not possible with the current flow. There is really missing some context to available during request. I didn't found a way to pass the additional claims for two grand types (password and refresh_token) i just getting lost on calls to model methods. And no way to share it in the model without an additional state existing during the request. The bottom line - we cannot use scope to configure payload of the access token. It must be another way...

pereslava avatar Nov 07 '18 19:11 pereslava

I found the reason why the scope not passed to generateAccessToken on 'refresh_token' grant_type.

In refresh-token-grant-type.js

change return this.saveToken(token.user, client, token.scope); to return this.saveToken(token.user, client, request.body.scope);

solved the problem.

It is seems like bug. But no hope it will be fixed, or pull request will be accepted. The repo seems dead last 3 - 4 months

pereslava avatar Nov 08 '18 06:11 pereslava

created a pull request: #540 for temporary working solution: npm i https://github.com/Doom100500/node-oauth2-server.git

pereslava avatar Nov 08 '18 06:11 pereslava

@sm2017 +1

geekdada avatar Nov 29 '18 02:11 geekdada

@joaogranado @lfk @maxtruxa @mjsalinger @ruimarinho @ruipenso @thomseddon

Is oauthjs/node-oauth2-server library abandoned?

sm2017 avatar Nov 29 '18 05:11 sm2017

@sm2017 have you had any luck with this ? I'm currently trying achieve the same thing

rcauquil-pycom avatar Sep 01 '20 16:09 rcauquil-pycom

@rcauquil-pycom I forked this library in a private repository and customized it for my use case

sm2017 avatar Sep 01 '20 16:09 sm2017

@sm2017 ok thanks, what have you done to be able to get the req scope inside the model ?

rcauquil-pycom avatar Sep 02 '20 07:09 rcauquil-pycom