@allthings/oauth2-server
Comparing version 4.0.0-dev.2 to 4.0.0-dev.4
@@ -64,2 +64,3 @@ 'use strict'; | ||
this.requireClientAuthentication = options.requireClientAuthentication || {}; | ||
this.isClientAuthenticationRequired = options.isClientAuthenticationRequired || this.isClientAuthenticationRequired; | ||
this.alwaysIssueNewRefreshToken = options.alwaysIssueNewRefreshToken !== false; | ||
@@ -120,2 +121,3 @@ } | ||
TokenHandler.prototype.getClient = function(request, response) { | ||
var me = this; | ||
var credentials = this.getClientCredentials(request); | ||
@@ -128,6 +130,2 @@ var grantType = request.body.grant_type; | ||
if (this.isClientAuthenticationRequired(grantType) && !credentials.clientSecret) { | ||
throw new InvalidRequestError('Missing parameter: `client_secret`'); | ||
} | ||
if (!is.vschar(credentials.clientId)) { | ||
@@ -147,2 +145,6 @@ throw new InvalidRequestError('Invalid parameter: `client_id`'); | ||
if (me.isClientAuthenticationRequired(grantType, client) && !credentials.clientSecret) { | ||
throw new InvalidRequestError('Missing parameter: `client_secret`'); | ||
} | ||
if (!client.grants) { | ||
@@ -184,3 +186,2 @@ throw new ServerError('Server error: missing client `grants`'); | ||
var credentials = auth(request); | ||
var grantType = request.body.grant_type; | ||
@@ -191,10 +192,8 @@ if (credentials) { | ||
if (request.body.client_id && request.body.client_secret) { | ||
return { clientId: request.body.client_id, clientSecret: request.body.client_secret }; | ||
} | ||
if (!this.isClientAuthenticationRequired(grantType)) { | ||
if(request.body.client_id) { | ||
return { clientId: request.body.client_id }; | ||
if (request.body.client_id) { | ||
var result = { clientId: request.body.client_id }; | ||
if (request.body.client_secret) { | ||
result.clientSecret = request.body.client_secret; | ||
} | ||
return result | ||
} | ||
@@ -201,0 +200,0 @@ |
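Review bot: Moving the `client_secret` check behind the client lookup (`me.isClientAuthenticationRequired(grantType, client)`) makes that one call the only gate against issuing a token to a confidential client that sent no secret, because `getClientCredentials` now returns a bare `client_id` for every grant type. The override is taken from `options` unchecked in the constructor hunk, so a wrong type surfaces only as a TypeError at request time, and an override that returns `undefined` for a client it does not recognise fails open. I would validate it at construction with `if (options.isClientAuthenticationRequired && typeof options.isClientAuthenticationRequired !== 'function') { throw new InvalidArgumentError('Invalid argument: isClientAuthenticationRequired must be a function'); }`, and treat only an explicit `false` as "no secret required" at the call site. If the model resolves clients when the secret is undefined, a secretless request would also answer differently for known and unknown `client_id` values, which deserves a test. The model call and the default `isClientAuthenticationRequired` lie outside the visible hunks, so their behaviour is assumed here.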
{ | ||
"name": "@allthings/oauth2-server", | ||
"description": "Complete, framework-agnostic, compliant and well tested module for implementing an OAuth2 Server in node.js", | ||
"version": "4.0.0-dev.2", | ||
"version": "4.0.0-dev.4", | ||
"keywords": [ | ||
@@ -6,0 +6,0 @@ "oauth", |
@@ -12,2 +12,11 @@ # oauth2-server | ||
## Allthings Custom implementation | ||
Due to the lack of maintenance of the project this was forked @allthings. | ||
### Changes since fork (by Allthings) | ||
1. Bug-fix for query parameters in the redirect_uri during authorization. | ||
1. `isClientAuthenticationRequired` can now be overwritten in for the server options allowing us to not require a `client_secret` for public clients. | ||
## Installation | ||
@@ -14,0 +23,0 @@ |
Sorry, the diff of this file is not supported yet
New author
Supply chain risk: A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package