oauthjs / node-oauth2-server

Complete, compliant and well tested module for implementing an OAuth2 Server/Provider with express in node.js
https://npmjs.org/package/oauth2-server
MIT License

Why is the regex like that #227

Open adin234 opened 8 years ago

adin234 commented 8 years ago

https://github.com/thomseddon/node-oauth2-server/blob/b36a06b445ad0a676e6175d68a8bd0b2f3353dbf/lib/grant.js#L158

Why do we have a colon (:) in the regex for the grant type?

markstos commented 6 years ago

This is part of the OAuth 2 spec for extended grant types. You can see the feature generally documented here:

https://docs.pingidentity.com/bundle/pf_sm_oauth20AndPingfederateAs_pf83/page/concept/extensionGrantTypes_grantTypes.html

Reading the grammar for "grant types" in the formal RFC: https://tools.ietf.org/html/rfc6749#appendix-A.10

You can see that a colon is not valid in a grant type unless the grant type is in the "URI" format, which is used for extended grant types.

Thus, checking for a colon in a regex is a spec-compliant way to check to see if the grant_type is an extended grant type or regular grant type.

This issue can be closed.
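
The grammar discussed in this thread, as an added example that is not part of the thread or of node-oauth2-server's code: it classifies a `grant_type` value as a plain grant name or a URI-style extension grant and only accepts extension grants that are explicitly registered. The function names and the `registry` map are hypothetical, and requiring an absolute URI follows RFC 6749 section 4.5.

```javascript
// Added example (not node-oauth2-server code). RFC 6749 Appendix A.10:
//   grant-type = grant-name / URI-reference
//   grant-name = 1*name-char
//   name-char  = "-" / "." / "_" / DIGIT / ALPHA
const GRANT_NAME = /^[A-Za-z0-9._-]+$/;
// RFC 3986 scheme followed by ":"; section 4.5 requires an absolute URI.
const URI_SCHEME = /^[A-Za-z][A-Za-z0-9+.-]*:/;
const CONTROL_OR_SPACE = /[\s\x00-\x1f\x7f]/;

// Returns 'standard', 'extension' or 'invalid'.
function classifyGrantType(value) {
  if (typeof value !== 'string' || value.length === 0) return 'invalid';
  if (GRANT_NAME.test(value)) return 'standard';
  if (!URI_SCHEME.test(value) || CONTROL_OR_SPACE.test(value)) return 'invalid';
  try {
    new URL(value); // WHATWG parser used as a syntax check
    return 'extension';
  } catch (err) {
    return 'invalid';
  }
}

// Grants defined by RFC 6749 itself.
const STANDARD_GRANTS = new Set([
  'authorization_code', 'password', 'client_credentials', 'refresh_token',
]);

// extensionGrants: Map of absolute URI -> handler (hypothetical registry).
// A Map avoids inherited keys such as "constructor", which is a valid grant-name.
function resolveGrant(value, extensionGrants) {
  const kind = classifyGrantType(value);
  if (kind === 'invalid') return { error: 'invalid_request' };
  if (kind === 'standard' && STANDARD_GRANTS.has(value)) {
    return { kind, grant: value };
  }
  if (kind === 'extension' && extensionGrants.has(value)) {
    return { kind, grant: value, handler: extensionGrants.get(value) };
  }
  return { error: 'unsupported_grant_type' };
}

// Constructed sample registry and inputs.
const registry = new Map([
  ['urn:ietf:params:oauth:grant-type:jwt-bearer', 'jwtBearerHandler'],
]);
const samples = ['password', 'urn:ietf:params:oauth:grant-type:jwt-bearer',
  'constructor', 'urn:example:unregistered', 'pass word', ''];
for (const g of samples) console.log(JSON.stringify(g), resolveGrant(g, registry));
```

Matching the whole value against the registry, rather than testing only for the presence of a colon, keeps a syntactically valid but unregistered URI from reaching a handler.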