oauthjs / node-oauth2-server

Complete, compliant and well tested module for implementing an OAuth2 Server/Provider with express in node.js
https://npmjs.org/package/oauth2-server
MIT License

Postman OAuth2 (GET NEW ACCESS TOKEN) #386

Open FeeFelipe opened 7 years ago

FeeFelipe commented 7 years ago

Hi,

I'm not able to implement this application in Postman. Can someone help me?


FeeFelipe commented 7 years ago

I solved the problem: when the application receives an empty scope (scope: ''), it throws an error.

Solution:

if (!req.body.scope) delete req.body.scope;

Error:

{ server_error: Invalid parameter: `scope`
    at TokenHandler.<anonymous> (/node/node_modules/oauth2-server/lib/handlers/token-handler.js:100:13)
    at TokenHandler.tryCatcher (/node/node_modules/bluebird/js/main/util.js:26:23)
    at Promise._settlePromiseFromHandler (/node/node_modules/bluebird/js/main/promise.js:507:31)
    at Promise._settlePromiseAt (/node/node_modules/bluebird/js/main/promise.js:581:18)
    at Promise._settlePromises (/node/node_modules/bluebird/js/main/promise.js:697:14)
    at Async._drainQueue (/node/node_modules/bluebird/js/main/async.js:123:16)
    at Async._drainQueues (/node/node_modules/bluebird/js/main/async.js:133:10)
    at Immediate.Async.drainQueues (/node/node_modules/bluebird/js/main/async.js:15:14)
    at runCallback (timers.js:672:20)
    at tryOnImmediate (timers.js:645:5)
    at processImmediate [as _immediateCallback] (timers.js:617:5)
  message: 'Invalid parameter: `scope`',
  code: 503,
  name: 'server_error',
  inner: 
   { invalid_argument: Invalid parameter: `scope`
       at ClientCredentialsGrantType.AbstractGrantType.getScope (/node/node_modules/oauth2-server/lib/grant-types/abstract-grant-type.js:94:11)
       at ClientCredentialsGrantType.handle (/node/node_modules/oauth2-server/lib/grant-types/client-credentials-grant-type.js:57:20)
       at TokenHandler.handleGrantType (/node/node_modules/oauth2-server/lib/handlers/token-handler.js:220:6)
       at TokenHandler.<anonymous> (/node/node_modules/oauth2-server/lib/handlers/token-handler.js:91:19)
       at TokenHandler.tryCatcher (/node/node_modules/bluebird/js/main/util.js:26:23)
       at Promise._settlePromiseFromHandler (/node/node_modules/bluebird/js/main/promise.js:507:31)
       at Promise._settlePromiseAt (/node/node_modules/bluebird/js/main/promise.js:581:18)
       at Async._drainQueue (/node/node_modules/bluebird/js/main/async.js:128:12)
       at Async._drainQueues (/node/node_modules/bluebird/js/main/async.js:133:10)
       at Immediate.Async.drainQueues (/node/node_modules/bluebird/js/main/async.js:15:14)
       at runCallback (timers.js:672:20)
       at tryOnImmediate (timers.js:645:5)
       at processImmediate [as _immediateCallback] (timers.js:617:5)
     message: 'Invalid parameter: `scope`',
     code: 500,
     name: 'invalid_argument' } }

manjeshpv commented 7 years ago

Can you please share your thoughts about #393?

Join https://oauthjs.slack.com

Please close the issue, as it is solved.

maxtruxa commented 7 years ago

@manjeshpv This issue is not resolved. While I appreciate your effort, please don't link to your issue everywhere.

@FeeFelipe The error is expected, an empty scope is not valid. You have to either omit it completely or set it to something valid. See Section 3.3 of RFC 6749:

scope       = scope-token *( SP scope-token )
scope-token = 1*( %x21 / %x23-5B / %x5D-7E )

That AbstractGrantType#getScope is throwing an InvalidArgumentError is wrong though. IMO this should be an InvalidScopeError. Also, just looking at the code I think it doesn't handle the case where no scope is supplied (?). I'll have to look into that.

@mjsalinger Any objections to changing the type of error that is thrown as outlined above? The scope is sent by the client, so InvalidArgumentError is wrong if I'm not mistaken.
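
An added example (not part of the thread and not oauth2-server code) that checks a `scope` parameter against the Section 3.3 grammar quoted above and compares the result with the `delete req.body.scope` workaround from the first reply. `parseScope`, `dropEmptyScope`, `classify` and the sample request bodies are hypothetical names and constructed data.

```javascript
// RFC 6749 section 3.3:
//   scope       = scope-token *( SP scope-token )
//   scope-token = 1*( %x21 / %x23-5B / %x5D-7E )
const SCOPE_TOKEN = /^[\x21\x23-\x5B\x5D-\x7E]+$/;

function invalidScope(description) {
  // `invalid_scope` is the RFC 6749 section 5.2 error code for a bad client-sent scope.
  return { ok: false, error: 'invalid_scope', description };
}

// Hypothetical helper, not an oauth2-server API: validate the raw `scope` parameter.
function parseScope(raw) {
  if (raw === undefined) return { ok: true, scope: undefined }; // omitted: server default applies
  if (typeof raw !== 'string') return invalidScope('scope must be a single string');
  if (raw === '') return invalidScope('scope is present but empty');
  const tokens = raw.split(' ');
  // An empty token means a leading, trailing or doubled space, which the ABNF forbids.
  const bad = tokens.find((t) => !SCOPE_TOKEN.test(t));
  if (bad !== undefined) return invalidScope(`malformed scope-token: ${JSON.stringify(bad)}`);
  return { ok: true, scope: tokens };
}

// The workaround from the thread: drop a falsy scope so it is handled as omitted.
// RFC 6749 section 3.2 states that parameters sent without a value are treated as omitted.
function dropEmptyScope(body) {
  const copy = { ...body };
  if (!copy.scope) delete copy.scope;
  return copy;
}

// Constructed sample token-request bodies (not captured traffic).
const SAMPLES = [
  { grant_type: 'client_credentials' },                         // scope omitted
  { grant_type: 'client_credentials', scope: '' },              // what Postman sent in this issue
  { grant_type: 'client_credentials', scope: 'read write' },    // two valid tokens
  { grant_type: 'client_credentials', scope: 'read  write' },   // doubled space
  { grant_type: 'client_credentials', scope: 'read "admin"' },  // %x22 is excluded
];

// Validate each body twice: as received, and after the workaround has run.
function classify(bodies) {
  return bodies.map((b) => ({
    strict: parseScope(b.scope),
    afterWorkaround: parseScope(dropEmptyScope(b).scope),
  }));
}

console.log(JSON.stringify(classify(SAMPLES), null, 2));
```
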