lucj / sails-oauth2-api


Is trustedTestClient for both dev and production? #2

Closed dagumak closed 9 years ago

dagumak commented 9 years ago

I was looking through the code, but I couldn't find the part where this might have been forked off. Is this made for only dev?

lucj commented 9 years ago

Hi, the trusted and untrusted clients are just for testing purposes. They are created by config/bootstrap.js and are then available for Dev and production. This is still a work in progress, I need to enhance the flow and also move it to 0.10. I hope this helps. Please let me know if you have any questions.

dagumak commented 9 years ago

@lucj Thanks for the quick reply, I appreciate it. I was actually going to create something like this, but I'm glad I found this. What are some milestones for this project other than Implicit Grant?

lucj commented 9 years ago

@dagumak No problem. On top of the implicit grant, I have another fix to perform (http://stackoverflow.com/questions/25833533/secure-nodejs-app-with-oauth2-not-automatically-redirected-to-allow-deny-page), if you have any idea, please do not hesitate :) Also, I need to migrate from sails 0.9.16 to 0.10.2

dagumak commented 9 years ago

I took a brief look at your StackOverflow, and the first thing I noticed is that you are expecting the view (/login) to redirect you the same way the OAuth code does. Am I wrong to expect that this is actually working and is running two separate codes?

Upon further inspection, your login route is hitting the AuthController which runs the local strategy for passport. I think you want to swap this out in exchange for the OAuth one to get the behaviour that you are expecting.

Edit: Actually, I think the /login should be disabled entirely since we are getting the access token from the '/oauth/authorize' endpoint. I think this will be more progressive towards a service oriented architecture.

lucj commented 9 years ago

Thanks a lot, I'll check this as soon as I can. Thanks for your help.