node-oauth2-server
Complete, compliant and well tested module for implementing an OAuth2 Server/Provider with express in node.js
Bumps [jshint](https://github.com/jshint/jshint) from 2.13.0 to 2.13.5. Release notes Sourced from jshint's releases. JSHint 2.13.5 2.13.5 (2022-07-08) Bug Fixes Tolerate late definition of async function (#3618) (5c256a2) JSHint 2.13.4 2.13.4 (2022-01-24)...
The [docs for `authenticateHandler`](https://oauth2-server.readthedocs.io/en/latest/api/oauth2-server.html#authorize-request-response-options-callback) say: >If there is no associated user (i.e. the user is not logged in) a falsy value should be returned. However if I return `null` I...
This pull implements PKCE support (RFC7636). It is originally based on pull #452, but has been cleaned up a bit. Summary of changes: 1. PKCE is completely optional. If the...
Bumps [sinon](https://github.com/sinonjs/sinon) from 7.5.0 to 14.0.0. Changelog Sourced from sinon's changelog. 14.0.0 c2bbd826 Drop node 12 (Morgan Roderick) And embrace Node 18 See https://nodejs.org/en/about/releases/ Released by Morgan Roderick on 2022-05-07....
Bumps [mocha](https://github.com/mochajs/mocha) from 5.2.0 to 10.0.0. Release notes Sourced from mocha's releases. v10.0.0 10.0.0 / 2022-05-01 :boom: Breaking Changes #4845: Drop Node.js v12.x support (@juergba) #4848: Drop Internet-Explorer-11 support (@juergba)...
Take a look at IFTTT for example (https://ifttt.com/docs/api_reference#authentication-flow) They require a non-expiring access token. You recommend to set the expiring time to a really big number. Should I set it...
I can see that there is an implementation of an authorization grant flow in the repo (node-oauth2-server/lib/grant-types/authorization-code-grant-type.js), but I don't see it mentioned in the documentation other than this flow...
When `alwaysIssueNewRefreshToken` is set to false, the `revokeToken()` method is never run, and as such the `saveToken()` method is called directly without removing the older token (makes sense). So in...
When requesting a token via the client_credential grant, the lib calls the getUserFromClient function. As explained in the documentation here: https://oauth2-server.readthedocs.io/en/latest/model/spec.html#getuserfromclient-client-callback "This model function is required if the client_credentials grant is used." But...
Feature request to support RFC7662 OAuth2.0 Token Introspection endpoint https://datatracker.ietf.org/doc/html/rfc7662 `When an OAuth 2.0 client makes a request to the resource server, the resource server needs some way to verify...