@allthings/oauth2-server
Advanced tools
Comparing version 4.0.0-dev.2 to 4.0.0-dev.4
@@ -64,2 +64,3 @@ 'use strict'; | ||
| this.requireClientAuthentication = options.requireClientAuthentication || {}; | ||
| this.isClientAuthenticationRequired = options.isClientAuthenticationRequired || this.isClientAuthenticationRequired; | ||
| this.alwaysIssueNewRefreshToken = options.alwaysIssueNewRefreshToken !== false; | ||
@@ -120,2 +121,3 @@ } | ||
| TokenHandler.prototype.getClient = function(request, response) { | ||
| var me = this; | ||
| var credentials = this.getClientCredentials(request); | ||
@@ -128,6 +130,2 @@ var grantType = request.body.grant_type; | ||
| if (this.isClientAuthenticationRequired(grantType) && !credentials.clientSecret) { | ||
| throw new InvalidRequestError('Missing parameter: `client_secret`'); | ||
| } | ||
| if (!is.vschar(credentials.clientId)) { | ||
@@ -147,2 +145,6 @@ throw new InvalidRequestError('Invalid parameter: `client_id`'); | ||
| if (me.isClientAuthenticationRequired(grantType, client) && !credentials.clientSecret) { | ||
| throw new InvalidRequestError('Missing parameter: `client_secret`'); | ||
| } | ||
| if (!client.grants) { | ||
@@ -184,3 +186,2 @@ throw new ServerError('Server error: missing client `grants`'); | ||
| var credentials = auth(request); | ||
| var grantType = request.body.grant_type; | ||
@@ -191,10 +192,8 @@ if (credentials) { | ||
| if (request.body.client_id && request.body.client_secret) { | ||
| return { clientId: request.body.client_id, clientSecret: request.body.client_secret }; | ||
| } | ||
| if (!this.isClientAuthenticationRequired(grantType)) { | ||
| if(request.body.client_id) { | ||
| return { clientId: request.body.client_id }; | ||
| if (request.body.client_id) { | ||
| var result = { clientId: request.body.client_id }; | ||
| if (request.body.client_secret) { | ||
| result.clientSecret = request.body.client_secret; | ||
| } | ||
| return result | ||
| } | ||
@@ -201,0 +200,0 @@ |
| { | ||
| "name": "@allthings/oauth2-server", | ||
| "description": "Complete, framework-agnostic, compliant and well tested module for implementing an OAuth2 Server in node.js", | ||
| "version": "4.0.0-dev.2", | ||
| "version": "4.0.0-dev.4", | ||
| "keywords": [ | ||
@@ -6,0 +6,0 @@ "oauth", |
@@ -12,2 +12,11 @@ # oauth2-server | ||
| ## Allthings Custom implementation | ||
| Due to the lack of maintenance of the project this was forked @allthings. | ||
| ### Changes since fork (by Allthings) | ||
| 1. Bug-fix for query parameters in the redirect_uri during authorization. | ||
| 1. `isClientAuthenticationRequired` can now be overwritten in for the server options allowing us to not require a `client_secret` for public clients. | ||
| ## Installation | ||
@@ -14,0 +23,0 @@ |
Sorry, the diff of this file is not supported yet
Fixed alerts
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by0.27%
259978
- Number of lines in readme file
- increased by13.04%
78
- Number of medium supply chain risk alerts
- decreased by-100%
0