node-oauth / express-oauth-server

🔒 Complete, compliant and well tested module for implementing an OAuth2 Server/Provider with express in node.js
https://www.npmjs.com/package/@node-oauth/express-oauth-server
MIT License

Examples are out of date #14

Open jfstephe opened 1 year ago

jfstephe commented 1 year ago

Hi,

I'm in the process of trying to use the in-memory model in the examples folder to get going, but in my TypeScript project I have several errors relating to missing functions. I suspect that this may also apply to the other examples.

e.g. verifyScope()

Can you confirm?

John

jfstephe commented 1 year ago

Also, client_secret is always null AFAICT in the getClient calls to the model.

jankapunkt commented 1 year ago

Hi @jfstephe can you please provide some more debugging info:

jfstephe commented 1 year ago

Hi, using the latest version with auth code. I think it should be easy to reproduce as you just need to use the In Memory Model example in a TypeScript project.

Also I think all the examples/docs are missing that you need to implement the authenticateHandler.handle method.

    const oauth = new OAuthServer({
      model: new InMemoryAuthModel(),
      authenticateHandler: {
        handle: function(req, res) {
          // Check if authenticated and return a user object if so
          return req.session.user;
        }
      }
    });

Without that you can't get a code.

jfstephe commented 1 year ago

Related to https://github.com/node-oauth/node-oauth2-server/issues/180, I'm trying to understand where:

1) a user that currently isn't signed into the web server should get a session (via normal app logon) and pick up the process
2) when a user has got a session and they are setting up a third party service to use oauth for the first time, when/where do they get redirected to the 'are you ok allowing this third party access your data' consent screen.

I can't find anything anywhere where this is clearly explained.

jfstephe commented 1 year ago

Also, in the memory example saveToken() should also persist the client (as it does in the other examples).
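
An added example, not part of the thread or the project's own code: a minimal in-memory model covering the three points raised above (a `verifyScope()` method, `getClient()` being called with a null secret, and `saveToken()` keeping the client with the token). The client, user and token values are constructed, and accepting the scope as either a string or an array is an assumption about differing library versions.

```javascript
// Added example: in-memory model sketch. All client, user and token values are constructed.
const clients = [{
  id: 'demo-client', secret: 'demo-secret',
  grants: ['authorization_code'], redirectUris: ['https://client.example/cb'],
}];
const tokens = new Map();

// Compare without stopping at the first differing character.
function safeEqual(a, b) {
  let diff = a.length ^ b.length;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i % (b.length || 1));
  return diff === 0;
}

const model = {
  // The secret is null when the caller only needs a lookup by id (what the thread
  // observes during the authorization-code step); verify it whenever it is supplied.
  async getClient(clientId, clientSecret) {
    const client = clients.find((c) => c.id === clientId);
    if (!client) return null;
    if (clientSecret != null && !safeEqual(String(clientSecret), client.secret)) return null;
    return client;
  },

  // Store the client and user with the token and return them with it,
  // so a later lookup knows which client and user the token belongs to.
  async saveToken(token, client, user) {
    const saved = { ...token, client: { id: client.id }, user };
    tokens.set(saved.accessToken, saved);
    return saved;
  },

  async getAccessToken(accessToken) {
    return tokens.get(accessToken) || null;
  },

  // Every requested scope must be present on the token. Scope may be a
  // space-separated string or an array (assumption: depends on library version).
  async verifyScope(token, requested) {
    const toList = (s) => (Array.isArray(s) ? s : String(s || '').split(' ').filter(Boolean));
    const want = toList(requested);
    const have = toList(token.scope);
    return want.length > 0 && want.every((s) => have.includes(s));
  },
};
```
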

binajmen commented 7 months ago

@jfstephe Did you manage to solve this puzzle? I'm having trouble putting the pieces together.

jankapunkt commented 7 months ago

Yes, the examples are still out of date and need to be updated to work with async (PR #22)

jankapunkt commented 7 months ago

I removed the examples from this repo and will update them in our dedicated examples repo at https://github.com/node-oauth/node-oauth2-server-examples

Edit - they are not there yet but I will add them later on