Development

[jankapunkt]

Merge development into master, making 5.0.0 the new stable

[jankapunkt]

@eddy-minet-holis I think I don't understand, does release 5.0.0 fix the issue you described with the code challenge?

[jankapunkt]

@jorenvandeweyer I added three missing files that were removed by merge-override. Master should not again point to the same HEAD as development. From here we should work keep up working on development and merge into the respective target branches. Edit: would you mind to review and approve again?

[jorenvandeweyer]

Approved it again.

@jankapunkt I also suggest we stop using release-x.y.z branches and only use releases. I think this is a better way to manage our releases since there will never be any new commits to a released branch.

So to clarify

• master will be the stable 5.x release
• development is the development branch and will be merged into master for each release
• 4.x will be the support branch for security fixes. We can create this from the existing release-4.3.0 branch.
  • new 4.x.x+1 patches will be started from this branch.

I suggest we clean up and delete all our branches

• stale branches (eg. promisify, v4.3.0-dev)
• any branches from the original repository (eg. v5-dev, security)
• feature branches which are merged (eg. remove-util-inherits)

[jankapunkt]

@jorenvandeweyer I fully agree with your proposal.

[eddy-minet-holis]

@eddy-minet-holis I think I don't understand, does release 5.0.0 fix the issue you described with the code challenge?

Yes. And I think the fix should be applied for 4.3 users. Actually the workaround is easy when using the lib, but without it the PKCE flow just can't work :

req.body.code_challenge = req.query.code_challenge; req.body.code_challenge_method = req.query.code_challenge_method: const oauthReq = new oauth2.Request(req); const oauthRes = new oauth2.Response(res); ...

talking about: commit ca43d4aa08c8eea0b3715442c0de7dc7278f79a6

[jankapunkt]

@eddy-minet-holis I published a fix as 4.3.3, feel free to test and please file an issue if this still not fixes things.

@jorenvandeweyer in concordance with your proposed branch structure I also aligned the NPM tags:

• next - development and RC releases
• latest - latest stable releases from the current stable major (currently v5)
• maintenance - the maintenance-mode releases, currently v4

see: https://www.npmjs.com/package/@node-oauth/oauth2-server?activeTab=versions

[eddy-minet-holis]

@eddy-minet-holis I published a fix as 4.3.3, feel free to test and please file an issue if this still not fixes things.

Works great in 4.3.3, thanks!