node-oauth2-server
node-oauth2-server copied to clipboard
oauthjs
Complete, compliant and well tested module for implementing an OAuth2 Server/Provider with express in node.js
Updated documentation to describe how to implement custom grant types
According to [https://tools.ietf.org/html/rfc6749#section-4.1.2.1](https://tools.ietf.org/html/rfc6749#section-4.1.2.1), only when the `redirect_uri` & `client_id` were correct, the authorisation server should inform the client that user had denied access. The change is to move validation of...
For consistency shouldn't client.id be client.clientId? in: if (token.client.id !== client.id) { throw new InvalidGrantError('Invalid grant: refresh token is invalid'); } Keeping old format with && switch for backwards compatibility:...
The implementation ( lib/handlers/authenticate-handler.ts#L145 ) of the pattern matching for the Bearer token matches only the string "Bearer" followed by one whitespace character followed by any number of non-whitespace characters....
parameter `client_id` and `client_secret` should be deleted, when grant_type is `password` https://tools.ietf.org/html/rfc6749#section-4.3 I got a error when i was calling `oauth.token()`. `Invalid client: cannot retrieve client credentials` I'm using `express-oauth-server...
When the autentication for get a resource fails (so only when checking the Authorization header), the [RFC 6750](https://tools.ietf.org/html/rfc6750.html#section-3.1) says that a `WWW-Authenticate` header must be set in the response. This...
I'm not sure if I am understanding this correctly, but when trying to implicit grant (on dev branch), it is trying to authenticate first. Should this be happening or is...
In document https://oauth2-server.readthedocs.io/en/latest/model/spec.html#validatescope-user-client-scope-callback >To accept partially valid scopes: ```js // list of valid scopes const VALID_SCOPES = ['read', 'write']; function validateScope(user, client, scope) { return scope .split(' ') .filter(s =>...
The documentation recommends using `authorization` grant type to register user. I tried this flow but in Authorization Handler it's default action is to authenticate client before authorizing which doesn't make...
