passport-oauth2

This client violates the RFC for openid

Open hcldan opened this issue 6 years ago • 3 comments

Greetings!

We recently got a support ticket from a customer who is using your passport oauth2 module. They are having an issue with client authentication. The issue does not occur when using other standards-compliant modules to do oauth2 flows.

We use https://github.com/panva/node-oidc-provider, an OpenID certified project, as our server. I believe the issue we are running into is this: https://github.com/panva/node-oidc-provider/issues/361

The problem is that the spec is not being followed in the passport-oauth2 module.
Could you look into this? Is this something you are willing to fix? This issue may be related: https://github.com/jaredhanson/passport-oauth2/issues/106

Thanks!

hcldan avatar Oct 10 '19 21:10 hcldan

Have you identified whether the issue is this package, or the underlying node-oauth package? The underlying package is responsible for serializing credentials, so it may be there.


jaredhanson avatar Oct 10 '19 21:10 jaredhanson

I'll take a look

hcldan avatar Oct 11 '19 11:10 hcldan

Actually... taking a look at that project, you may want to consider moving away. Last commit was 2017. There are tons of open issues, and it appears to be abandoned.

hcldan avatar Oct 11 '19 13:10 hcldan