oauth2orize

OAuth 2.0 authorization server toolkit for Node.js.

Results 79 oauth2orize issues

After the conversation https://github.com/jaredhanson/oauth2orize/pull/148 I changed the pull request for backward compatibility of arity params.

http://tools.ietf.org/html/draft-ietf-oauth-v2-31#section-4.2.2 If scope is different from the app's requested scope, it's a required parameter (otherwise optional). Since the decision middleware doesn't explicitly handle scope, it has no way to tell...

Math.random() isn't a cryptographically secure random number generator, meaning that people could easily guess the seed by looking at the V8 chrome code and then generate their own tokens. Most...

Which would be the way to authorize automatically without showing the decision dialog? All examples I've seen seem to be outdated. Thanks, Rodrigo

Hello, I have a problem and I can't get the access token. In other words, I checked and I can't make the exchange between the authorization code and the access token. I...

It's confusing that req.user is a client when doing a client credentials exchange. This makes for some messy checking when we want to determine if we are working with a...

Although I see `expires_in` being checked in tests, I do not see it returned with the access token. Is this an oversight?

I have successfully implemented an OAuth2 server in my application, I am trying to return the failure message to the user, such as 'Incorrect username/password', my local strategy looks like...

When you request an auth_code grant, there is a difference in the redirect between code and token. Code: https://github.com/jaredhanson/oauth2orize/blob/master/lib/grant/code.js#L138 Token: https://github.com/jaredhanson/oauth2orize/blob/master/lib/grant/token.js#L145 What is the reasoning for this difference?

oauth2orize middleware uses res.end to send back authorization responses. As a result, responses lack the trailing newline at the end, which makes using curl to test oauth endpoints "funny". It...