ksmithut
commented
6 years ago All of the token based endpoints are used that way because those won't be session based. The user will be retrieved via the oauth flow. But this line: https://github.com/gerges-beshay/oauth2orize-examples/blob/master/routes/site.js#L10 shows that when a user is signed in locally to the oauth2 server, it will save a session so the user doesn't have to enter their credentials.
I would like to know how is i being handled in the flow, I'm seeing that all the uses of authenticate is using "{session:false}"
thanks