search

oauthjs / node-oauth2-server

Complete, compliant and well tested module for implementing an OAuth2 Server/Provider with express in node.js
https://npmjs.org/package/oauth2-server
MIT License
4.02k stars 931 forks source link

New Refresh Token Created when the grant-type is refresh-token #243

Open shubhamagiwal opened 8 years ago

shubhamagiwal commented 8 years ago

My requirement is that I need to create a refresh_token with no expiry and use the same token to regenerate new access_token when they expire. I referred the documentation and found that if we pass refreshTokenLifetime in the custom middleware as null it will create a refresh_token with no Expiry. But A new refresh_token is generated for every grant_type is refresh-token. According to the IETF Document , it is optional to generate a new refresh_token when the grant-type is refresh-token. Is there any way to make the refresh_token generation as an optional when the refreshTokenLifeTime is null in the custom middleware.

I created a middleware using express as shown in Documentation for Node OAuth2 Server.

My code is as follows

 var express = require('express'),
  bodyParser = require('body-parser'),
  oauthserver = require('oauth2-server');

 module.exports = {

http: {

 customMiddleware: function (app) {

  app.use(bodyParser.urlencoded({
   extended: true
  }));

  app.use(bodyParser.json());

  app.oauth = oauthserver({
   model: require('./oauth2Model'), // See below for specification
   grants: ['authorization_code', 'password', 'refresh_token'],
   debug: true,
   refreshTokenLifetime: null
  });

  // Handle token grant requests
  app.all('/oauth/authenticate', app.oauth.grant());

  // Error handling
  app.use(app.oauth.errorHandler());
  }
 }
};

Node Version I am using is 4.2.4

maxtruxa commented 8 years ago

Pull request #282 adds exactly this functionality.