Jared Hanson

Taking model data onto a request is probably not a pattern that I would be encouraging. As a workaround, `req.authInfo` gets passed to the exchanges. You could use this to...

Can people posting here please provide descriptions of what data is in the request that is needed (and missing) in what is currently passed to grants and exchanges? Understanding use...

Any of the people on this thread want to help and write documentation? Sent from my iPhone > On Jun 13, 2016, at 7:28 PM, Tao [email protected] wrote: > >...

What if we just add another arity form of the `immediate` callback, something like: ``` immediate(req, req.oauth2.client, req.oauth2.user, req.oauth2.req.scope, immediated); ``` Then the application can check any query params and...

Could you please provide file and line numbers where you see both the tests for it and where you think it is missing? Sent from my iPhone > On Jun...

To clarify: `Math.random()` is not used within the `oauth2orize` library, so the library has no security issues in this regard. The examples are just that: examples. Developers should stop and...

I think you misunderstand what's going on here. The `basic` or `oauth2-client-password` authentication will authenticate the _client_ making the `/token` request. The `username` and `password` are the _user_ credentials. Those...

The state parameter is just stored and echoed back to the client. Is there something other than that you are referring to?

What use case do you have that requires a login form to be submitted with `multipart/form-data` rather than `application/x-www-form-urlencoded`?

Can you post a short gist that reproduces the issue?