amkirwan
commented
9 years ago I like the idea of adding Authorization flow this way. Can you add some tests to validate the changes?
Closed derekbedwards closed 9 years ago
amkirwan
commented
9 years ago I like the idea of adding Authorization flow this way. Can you add some tests to validate the changes?
amkirwan
commented
9 years ago I went ahead and wrote the tests for the feature and added the update with a few changes
Existing module supports strictly token-based (Implicit Grant) authorization flow, making it incompatible with Linkedin, Stripe and several other OAuth providers. This PR adds support for Authorization Code grants, allowing the developer to define a success handler that sends the code to a backend (which may then retrieve an access token using a combination of client id, client secret and the authorization code.)
Defaults to "token" response_type for backwards compatibility. Developer can enable Authorization Code grant by setting providerConfig responseType to "code". When Authorization Code grant is enabled, the auth success handler will receive the code instead of the state object.