Closed jankapunkt closed 10 months ago
@eddy-minet-holis I think I don't understand, does release 5.0.0
fix the issue you described with the code challenge?
@jorenvandeweyer I added three missing files that were removed by merge-override. Master should not again point to the same HEAD as development. From here we should work keep up working on development and merge into the respective target branches. Edit: would you mind to review and approve again?
Approved it again.
@jankapunkt I also suggest we stop using release-x.y.z
branches and only use releases. I think this is a better way to manage our releases since there will never be any new commits to a released branch.
So to clarify
master
will be the stable 5.x releasedevelopment
is the development branch and will be merged into master
for each release4.x
will be the support branch for security fixes. We can create this from the existing release-4.3.0
branch.
4.x.x+1
patches will be started from this branch. I suggest we clean up and delete all our branches
promisify
, v4.3.0-dev
)v5-dev
, security
)remove-util-inherits
)@jorenvandeweyer I fully agree with your proposal.
@eddy-minet-holis I think I don't understand, does release
5.0.0
fix the issue you described with the code challenge?
Yes. And I think the fix should be applied for 4.3 users. Actually the workaround is easy when using the lib, but without it the PKCE flow just can't work :
req.body.code_challenge = req.query.code_challenge; req.body.code_challenge_method = req.query.code_challenge_method: const oauthReq = new oauth2.Request(req); const oauthRes = new oauth2.Response(res); ...
talking about: commit ca43d4aa08c8eea0b3715442c0de7dc7278f79a6
@eddy-minet-holis I published a fix as 4.3.3
, feel free to test and please file an issue if this still not fixes things.
@jorenvandeweyer in concordance with your proposed branch structure I also aligned the NPM tags:
next
- development and RC releaseslatest
- latest stable releases from the current stable major (currently v5)maintenance
- the maintenance-mode releases, currently v4see: https://www.npmjs.com/package/@node-oauth/oauth2-server?activeTab=versions
@eddy-minet-holis I published a fix as
4.3.3
, feel free to test and please file an issue if this still not fixes things.
Works great in 4.3.3, thanks!
Merge development into master, making 5.0.0 the new stable