search

node-oauth / express-oauth-server

🔒 Complete, compliant and well tested module for implementing an OAuth2 Server/Provider with express in node.js
https://www.npmjs.com/package/@node-oauth/express-oauth-server
MIT License
27 stars 8 forks source link

Cannot use next middleware if `continueMiddleware` is set to true #29

Closed mbastos-sis closed 1 month ago

mbastos-sis commented 1 month ago

Hello!

I'm trying to make the expires_in property be dynamic for the response payload based on a custom property sent through saveToken() on the model. I've enabled the continueMiddleware flag during the initialization of the middleware. But when enabled, it's not possible to have any middleware be executed after OAuth calls next() since after calling that it still tries to call res.send through handleResponse.

The current setup I have is:

const oauth = new ExpressOAuthServer({
  ...,
  continueMiddleware: true,
});

app.use(
  "/oauth2/token",
  oauth.token(),
  OAuthExpiresInMiddleware
);

Anything I try to execute in my OAuthExpiresInMiddleware will later then throw a unhandled rejection error with [ERR_HTTP_HEADERS_SENT]: Cannot set headers after they are sent to the client. This makes the

https://github.com/node-oauth/express-oauth-server/blob/ad70e7c33f20f53fa7293a8e96b226ecaf271dd7/index.js#L142-L165

By doing some testing, I've noticed that adding a return to the code on line 157 makes it work.

-next();
+return next();

Without adding the return statement, any middleware added after the oauth.token() will only have the purpose of logging or something, but not actually returning data.

Is proposed change possible?

mbastos-sis commented 1 month ago

I realized that this change would probably break the library's expected behavior, so I'll be closing this issue.