Open wallzero opened 6 years ago
Is this fixed already? I am using password grant. We have the same issues and actually encountered different issues, but this is just one. I dealt with all the issues I encountered by making sure that what every method returns matches the object structure the OAuth 2.0 server is expecting in the model. Like:
function getRefreshToken(bearerToken) {
  // more code here
  return {
    refreshToken: result[0].refresh_token,
    refreshTokenExpiresAt: result[0].expires_at,
    // scope: result[0].scope, // optional.
    client: { id: result[0].client_id }, // with 'id' property
    user: { id: result[0].user_id },
  };
}
You can add more as the docs say, but the minimum should be met.
Also, you do not have to modify anything in the response because express-oauth-server will take care of it.
router.post('/', app.oauth2.token());
is just enough.
By the way, I'm using express-oauth-server version ^2.0.0.
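As an added example (not code from this thread or from oauth2-server): a row-to-model mapper for the getRefreshToken return shape shown in the comment above, which returns null instead of throwing on result[0] when the lookup finds nothing. The helper names toRefreshTokenModel and shapeProblems are hypothetical, the column names follow the snippet above, and the sample row is constructed.

```javascript
// Added example. Column names (refresh_token, expires_at, client_id, user_id)
// follow the snippet in the comment; SAMPLE_ROWS is constructed data.
const SAMPLE_ROWS = [
  { refresh_token: 'rt-1', expires_at: '2030-01-01T00:00:00Z', client_id: 'app', user_id: 7 },
];

// Map the rows of a refresh-token lookup to the object shape described above.
// Returns null when there is no usable row, so the caller can treat the token
// as invalid instead of crashing or passing on a half-populated object.
function toRefreshTokenModel(rows) {
  if (!Array.isArray(rows) || rows.length !== 1) return null; // none, or ambiguous
  const row = rows[0];
  if (typeof row.refresh_token !== 'string' || row.refresh_token === '') return null;
  if (row.client_id == null || row.user_id == null) return null;

  const token = {
    refreshToken: row.refresh_token,
    client: { id: row.client_id }, // with 'id' property
    user: { id: row.user_id },
  };
  if (row.expires_at != null) {
    // Drivers may hand back a string or an epoch number; normalise to a Date.
    const expires = row.expires_at instanceof Date ? row.expires_at : new Date(row.expires_at);
    if (Number.isNaN(expires.getTime())) return null; // unparseable expiry: fail closed
    token.refreshTokenExpiresAt = expires;
  }
  if (row.scope != null) token.scope = row.scope; // optional
  return token;
}

// List the fields missing or malformed in a model return value.
// An empty array means the minimum shape is met.
function shapeProblems(token) {
  if (!token || typeof token !== 'object') return ['no token object'];
  const problems = [];
  if (typeof token.refreshToken !== 'string') problems.push('refreshToken');
  if (!token.client || token.client.id == null) problems.push('client.id');
  if (!token.user) problems.push('user');
  if ('refreshTokenExpiresAt' in token && !(token.refreshTokenExpiresAt instanceof Date)) {
    problems.push('refreshTokenExpiresAt');
  }
  return problems;
}
```

Running shapeProblems over each model method's return value in a unit test catches a flat client_id or a string expiry before the token endpoint does.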
Greetings,
Excellent work on this project! With the latest oauth2-server I have a working client and password model. I am able to generate and verify user, client, and token credentials.

My last step is creating a login page and redirect flow. I am attempting to use express-oauth-server. Now, the example given contains a TODO:

This example seems to expect the express middleware to verify the credentials? Following other users' examples, I am instead verifying user/client credentials in the model (getClient, getUser); not express middleware.

So alternatively I am trying to use the provided token() method. For example:

Authentication works, and a token is generated. After using token(), though, I am given a token in a response body but without a redirect. How exactly is the client supposed to get the token? Here it seems to redirect if the response contains a 302; but if I set a 302 in my response, new Response(res) seems to reset it back to a 200. token() also doesn't redirect back to /login on a failed attempt.

So instead I am using expressOAuthServer.server.token(req, res).then((val) => {/* handle token */});, which is more manual. It seems wrong. I feel like I am missing something obvious in how I am using express-oauth-server and am hoping someone can give me a couple working examples. Thanks!