jaredhanson / oauth2orize

OAuth 2.0 authorization server toolkit for Node.js.
https://www.oauth2orize.org?utm_source=github&utm_medium=referral&utm_campaign=oauth2orize
MIT License

Token middleware does not call application server's "next" #216

Open Earthstar opened 7 years ago

Earthstar commented 7 years ago

I'm using oauth2orize v1.0.1 with restify. The server is configured to use the token middleware as such:

var oauth2orize = require('oauth2orize');
var oauth2Server = oauth2orize.createServer();

server.post('/oauth/token',
      passport.authenticate('oauth2-client-password', { session: false }),
      oauth2Server.token(),
      oauth2Server.errorHandler()
);

The server is also configured to log after the server has finished processing a response.

server.on('after', function(req, res) {
    var responseLog = {
        type: 'response',
        method: req.method,
        path: req.path(),
        route: req.route && req.route.path
    };

    req.log.info(responseLog);
});

However, the logging code is not executed after /oauth/token requests. This is because the token middleware doesn't call restify's "next" method unless there's an error. You can see this if you add an additional middleware after oauth2Server.token().

var oauth2orize = require('oauth2orize');
var oauth2Server = oauth2orize.createServer();

server.post('/oauth/token',
      passport.authenticate('oauth2-client-password', { session: false }),
      oauth2Server.token(),
      function(req, res, next) {
            console.log('after token middleware'); // this doesn't get executed
            next();
      },
      oauth2Server.errorHandler()
);

I believe the token middleware should always call restify's "next" regardless of whether there's an error.

0x1Roshan commented 6 years ago

@Earthstar @jaredhanson It's because the response is ended in the issued method of the clientCredentials.js file.
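
An added example, not part of the thread and not oauth2orize code: one way to keep an audit record of token requests when the token middleware ends the response without calling next is to hook the response's 'finish' event in a middleware mounted before it. It assumes the framework's response object is a Node http.ServerResponse; tokenStub, fakeResponse, run and demo are hypothetical helpers built here so the sketch runs offline.

```javascript
// Logs on 'finish', so it does not depend on a later middleware calling next().
function auditOnFinish(log) {
  return function (req, res, next) {
    res.on('finish', function () {
      // Metadata only: the response body holds the token and is never logged.
      // req.user.id is a hypothetical shape for the authenticated client.
      log({ type: 'response', method: req.method, path: req.url,
            status: res.statusCode, client: req.user && req.user.id });
    });
    next();
  };
}

// Constructed stand-in for oauth2Server.token(): ends the response on
// success and never calls next(), the behaviour described in this issue.
function tokenStub(req, res, next) {
  res.statusCode = 200;
  res.end(JSON.stringify({ access_token: 'constructed-value', token_type: 'Bearer' }));
}

// Constructed fake response exposing only on('finish') and end().
function fakeResponse() {
  var handlers = [];
  return {
    statusCode: 0,
    on: function (ev, fn) { if (ev === 'finish') handlers.push(fn); },
    end: function (body) { this.body = body; handlers.forEach(function (fn) { fn(); }); }
  };
}

// Hypothetical mini-dispatcher that runs middleware in order.
function run(chain, req, res) {
  var i = 0;
  (function next(err) {
    if (err) throw err;
    if (i < chain.length) chain[i++](req, res, next);
  })();
}

function demo() {
  var entries = [], reachedAfterToken = false;
  var req = { method: 'POST', url: '/oauth/token', user: { id: 'client-1' } };
  run([
    auditOnFinish(function (e) { entries.push(e); }),
    tokenStub,
    function (req, res, next) { reachedAfterToken = true; next(); }
  ], req, fakeResponse());
  return { entries: entries, reachedAfterToken: reachedAfterToken };
}
```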