node-oauth2-server
node-oauth2-server copied to clipboard
oauthjs
Complete, compliant and well tested module for implementing an OAuth2 Server/Provider with express in node.js
Hey guy, there is any lack on support of implicit flow? Because when I try to use response_type token it returns response_type not supported and in the line of response...
Hello, I'm trying to implement authorize({authenticateHandler:{handler: Function}) and is needed at [here](https://github.com/oauthjs/node-oauth2-server/blob/master/lib/handlers/authorize-handler.js#L164) to add client_id to the body or to the query parameters, but clientSecret isn't required. This enters in...
Essentially all calls to the model occur in the context of a request of some sort (literally request in express). I think that context should be the first argument to...
Hi, Is there any plans on supporting the "Device Authorization Grant" as in https://tools.ietf.org/html/rfc8628? thank you Anton
I'm trying to create an access_token for a password flow, however the current implementation makes this impossible. ``` routes.oauth = new OAuth2Server({ model: user.schema.methods, grants: ['password'], debug: true }); routes.post('/token',...
The lodash package need to be upgraded: https://snyk.io/vuln/SNYK-JS-LODASH-590103
When I clicked to create an issue, I intended to create an issue that token introspection ([RFC-7662](https://tools.ietf.org/html/rfc7662)) was included in this authorization server. However after looking a bit more, is...
The object returned by the response.getHeaders() method does not prototypically inherit from the JavaScript Object https://nodejs.org/api/http.html\#http_response_getheaders So hasOwnproperty may be missing on headers
Hi In handlers/token-handler.js, you use instanceof at line 145: ``` if (!(client.grants instanceof Array)) { ``` This causes my grants array to fail, even though it is an array. Can...
When request an authorization code with invalid scope and state parameter, 'location' in response header does not contain '&state=xxxx' in the url. While for the others invalid cases (missing 'code_type'...
