mohd7469 / oauth2orize-examples Goto Github PK

Hi,
whenever I make a post request to get token i got 'Unauthorized' as response. please Help!
below is my request:-

url:- http://localhost:3000/oauth/token

request:- {
"grant_type": "authorization_code",
"code": "gZl67viNzaVvJgfx",
"redirect_uri": "http://localhost:3000/account",
"client_id": "abc123",
"state": "12345"
}

I am using your example, but want to host it on a path other than /. Is there a property I can set (or other approach) to achieve this simply?

It'd be great if we could have an example working with SwaggerExpress

Hi.

My question is:

Why do we need to check client twice? Isn't it enough to fetch client in passport strategy and then simply use client object which was passed down to oauth2orize clientCredentials exchange handler? Or this duplication is just for demo purposes?

Thank you!

Hi,
I was able to get the auth code but when i call the token api, i get Unauthorised 401 Error,
I am passing these values in the url
http://localhost:3000/oauth/token?grant_type=authorization_code&code=tncHiOrBZRcvjJQ1&redirect_uri=http://localhost:3000/account&client_id=abc123&client_secret=ssh-secret
Please help with his, I am stuck.

In the oauth2.js, I can see user.has_token and client.isTrusted, but I cannot find those method in the user and client models. Where is these method specified?

The code in the Grant Flow doesn't invalidate the Authorization Code after it's used to successfully issue an access token, so you can reuse the authorization code to issue another access token. It's recommended to have authorization codes expire after some short window and to mark them as used once you've issued a token. The OAuth site goes into more detail about Authorization Codes here.

I'd be happy to make a pull request to expire tokens and remove them after they've been used (or at least invalidate them. Or at a minimum I can make a PR to add some comments to note how it should be done if implemented in a live application.

curl -X POST "http://localhost:3000/oauth/token" -d "grant_type=password&client_id=abc123&client_secret=ssh-secret&username=bob&password=secret"

Error: {"error":"server_error","error_description":"authCode is not defined"}

Consider replacing getUid() with secure-random-string for cryptographically secure random numbers.

It has the option to continue to make them 16 characters log as before if you prefer.

I have an error when accessing /dialog/authorize after logged in.

the error message shown below

AuthorizationError: Missing required parameter: response_type at /var/www/html/oauth2orize-examples/node_modules/oauth2orize/lib/middleware/authorization.js:120:46 at pass (/var/www/html/oauth2orize-examples/node_modules/oauth2orize/lib/server.js:295:26) at pass (/var/www/html/oauth2orize-examples/node_modules/oauth2orize/lib/server.js:313:9) at pass (/var/www/html/oauth2orize-examples/node_modules/oauth2orize/lib/server.js:313:9) at Server._parse (/var/www/html/oauth2orize-examples/node_modules/oauth2orize/lib/server.js:318:5) at authorization (/var/www/html/oauth2orize-examples/node_modules/oauth2orize/lib/middleware/authorization.js:118:12) at Layer.handle [as handle_request] (/var/www/html/oauth2orize-examples/node_modules/express/lib/router/layer.js:95:5) at next (/var/www/html/oauth2orize-examples/node_modules/express/lib/router/route.js:137:13) at /var/www/html/oauth2orize-examples/node_modules/connect-ensure-login/lib/ensureLoggedIn.js:50:5 at Layer.handle [as handle_request] (/var/www/html/oauth2orize-examples/node_modules/express/lib/router/layer.js:95:5)

I accidentally miss saving my user.id, so the clientID is used for BearerStrategy and found this bug.
I think in auth.js line 100
db.clients.findByClientId
should be change with
db.clients.find

Current version of express is 2.x, would be nice to update to latest (4.x)