Open bloadvenro opened 7 years ago
Can you clarify where the two locations in the code are that you believe to be duplicated calls?
It's been a while, but just for the sake of clarification, this is how it is duplicated:
In the token endpoint middleware stack here: https://github.com/gerges-beshay/oauth2orize-examples/blob/master/routes/oauth2.js#L204-L205, it declares a passport usage and the oauth2orize token() middleware. The passport strategy fetches the client here: https://github.com/gerges-beshay/oauth2orize-examples/blob/master/auth/index.js#L46, then that fetched client is passed as an argument to the token exchange here: https://github.com/gerges-beshay/oauth2orize-examples/blob/master/routes/oauth2.js#L123, but rather than just use the fetched client, it fetches it again in the oauth2orize client_credential exchange.
Hi.
My question is:
Why do we need to check the client twice? Isn't it enough to fetch the client in the passport strategy and then simply use the client object that was passed down to the oauth2orize clientCredentials exchange handler? Or is this duplication just for demo purposes?
Thank you!
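The two-stage token endpoint discussed in this thread, modelled without passport or oauth2orize so the lookups can be counted (an added example, not code from oauth2orize-examples). Every function name, the in-memory client store and the token strings are hypothetical and constructed for illustration.

```javascript
// Constructed in-memory store standing in for the example app's client table.
const clients = [{ id: '1', clientId: 'abc123', clientSecret: 'ssh-secret' }];
let lookups = 0; // counts store reads so the duplicated fetch is visible

function findByClientId(clientId, done) {
  lookups += 1;
  done(null, clients.find((c) => c.clientId === clientId) || null);
}

// Compares two secrets without exiting early on the first mismatch.
function safeEqual(a, b) {
  let diff = a.length ^ b.length;
  for (let i = 0; i < Math.max(a.length, b.length); i++) {
    diff |= (a.charCodeAt(i) || 0) ^ (b.charCodeAt(i) || 0);
  }
  return diff === 0;
}

// Stage 1: plays the role of the passport client strategy's verify callback.
function authenticateClient(clientId, clientSecret, done) {
  findByClientId(clientId, (err, client) => {
    if (err) return done(err);
    if (!client || !safeEqual(client.clientSecret, clientSecret)) return done(null, false);
    done(null, client);
  });
}

// Stage 2a: exchange handler that fetches and checks the client again.
function exchangeWithRefetch(client, scope, done) {
  findByClientId(client.clientId, (err, local) => {
    if (err) return done(err);
    if (!local || !safeEqual(local.clientSecret, client.clientSecret)) return done(null, false);
    done(null, `token-for-${local.id}`);
  });
}

// Stage 2b: exchange handler that uses the client stage 1 already authenticated.
function exchangeTrustingAuth(client, scope, done) {
  done(null, `token-for-${client.id}`);
}

// Token endpoint: the exchange only runs when authentication produced a client.
function tokenEndpoint(exchange, clientId, clientSecret) {
  lookups = 0;
  let result = { token: false, lookups: 0 };
  authenticateClient(clientId, clientSecret, (err, client) => {
    if (err || !client) return void (result = { token: false, lookups });
    exchange(client, '*', (e, token) => { result = { token: e ? false : token, lookups }; });
  });
  return result;
}
```

Both handlers issue the same token and reject the same bad secret; the re-fetching one costs a second store read. The single-lookup form is only sound while the authentication stage is guaranteed to run before the exchange handler on every route that reaches it.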