- this is a patch release, fixing a syntax error (that never got picked up, due to wrong linter config)
- fix(core): standard lint fixed
- fix(core): oauth.js fix wrong syntax error in import
- fix(ci): run npm setup before lint and test to link package
- fix(build): remove .coverage from git (URLSearchParam missing s at the end)
- fix(tests): test project linter settings fixed
- fix(ci): remove dependencies from single job
- update(ci): test workflow update to use test project
- updated
@node-oauth/oauth2-serverto4.2.0 - correctly setup coverage for test project and package
- added documentation and generate docs via jsdoc2md (see API.md)
- fix(core): extracted initRoutes from OAuth2Server into standalone function to prevent re-init
- this version has not been released publicly and superseded by
4.2.0 - removed
redirectUristo find client (now searches only by clientId) increateClient - hardened check failsafety in
UserValidation - hardened check against empty Strings in
requiredAccessTokenPostParams,requiredAuthorizeGetParamsandrequiredAuthorizePostParams - updated
@node-oauth/oauth2-serverto4.1.1
- use (actively maintained) @node-oauth/oauth2-server
- improve console output readability
- support Meteor versions
['1.6', '2.3']; because 2.3 was a breaking release - update tests to use latest Accounts and jkuester:http
- update follow redirect rules
- maybe-breaking due to update to Accounts 2.x
- updated
oauth2-serverto4.0.0-dev.3 - removed dependency to
dburles:mongo-collection-instances(fix dependeny issues with major accounts packages bumps)
- bumped
oauth2-server
Summary
- migrated to latest node oauth2 server (v3)
- wrap model in async Meteor environment
- use builtin
WebAppinstead ofexpress - built complete
authorization_codeworkflow to make this usable with a customAccountspackage - all routes fallback with an error handler to return the respective OAuth error
Commits
- lint fix to comply standardjs
- oauth server implemented token handler and authenticated (token-required) routes
- model implemented token adapters
- model simplified logging
- model fixed getClient async access and logging behavior
- oauth fixed references to this via self property
- redirect after authorizazion success
- implement authorization stack
- fix saveAuthorizationCode
- model simplified functions and removed unneccesary Promises
- model saveAuthorizationCode conform with node2 server 3.x API
- model updated debug logging format
- reusable validation for client_id and redirect_url
- extended validation in POST authUrl
- extended error handler
- cleanup imports
- use facaded app that can be replaced if desired
- add input validation utils
- use get and post route for WebApp connect
- model im proved console.log
- improved error handling on auth route
- model improve debug messages
- introduced oauth app registration
- fixed lint errors
- model rewritten using promises
- update README
- removed express dependency and v3 compatibility
- extended model config and v3 compatibility
- decaffeinated project
- added .npm to gitignore
- Support multiple
redirect_uri#10
- Rename all athorizedClients to authorizedClients (please update your users DB too)
- Allow
refresh_tokenas a Grant Type - Transform any requests to
/oauth/tokenthat isPOSTand isn'tapplication/x-www-form-urlencoded, merging the body and the query strings. See pull request #5 for more details.
- Redirect user to
/oauth/error/404instead of/oauth/404 - Redirect user to
/oauth/error/invalid_redirect_uriif uri does not match
- Redirect user to
/oauth/404if client does not exists or is inactive
- Return only clients with
active: true
- Only process errors for oauth routes
- Allow pass collection object instead collection name
- Added more debug logs
- Initial implementation