node-oauth2-server icon indicating copy to clipboard operation
node-oauth2-server copied to clipboard

Published 20 hours ago verified publisher icon oauthjs

[dev] authorization_code is required with implicit grant type only

Open miloszsobczak opened this issue 6 years ago • 1 comments

Hi,

On dev branch there is a bug with implicit flow which has been added recently. Actually when I create model with implicit value only into grants property I've got error: model.js

        return Promise.resolve({
            id: clientId,
            grants: ['implicit'],
            redirectUris: ['http://localhost:4400/']
        });
    }

given error:

Unhandled rejection unauthorized_client: Unauthorized client: `grant_type` is invalid
    at new UnauthorizedClientError (***\node_modules\oauth2-server\lib\errors\unauthorized-client-error.js:25:14)

which reflects those lines:

if (!_.includes(client.grants, 'authorization_code')) {
        throw new UnauthorizedClientError('Unauthorized client: `grant_type` is invalid');
      }

The problem is no longer visible when I push authorization_code into grants array.

Am I missing something? Imho implicit grant type should sufficent.

miloszsobczak avatar Aug 16 '18 11:08 miloszsobczak

Merged into dev. Will be included in v4.0.0.

mjsalinger avatar Sep 05 '18 11:09 mjsalinger