Comments (2)
And perhaps related: is there any way to redirect a non-logged-in user from within authenticateHandler to a login screen?
from node-oauth2-server.
Noticed this as well. We use the authenticateHandler for the login form that shows up on the authorization server, for auth code flow.... something like this:

    app.post('/login', async function handler(req, res) {
      // Run the authorization step with a custom authenticateHandler
      await req.oauth.authorize({
        authenticateHandler: {
          // Look up the user from the submitted login form
          async handle() {
            return app.oauth.getUser(req.body.username, req.body.password, req.query)
          },
        },
      })
    })

Before, the model method would return null if a valid user could not be found and we'd get a server error. Now, it throws an invalid grant error if a user can't be found, similar to how it gets handled in the password flow, here:
node-oauth2-server/lib/grant-types/password-grant-type.js
Lines 93 to 95 in 6d4c987
So this way it's at least consistent between the two.... IMO, the code in the authorize handler should throw an InvalidGrantError similar to how the password grant type does it, see above ^^
from node-oauth2-server.
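
One way to handle the redirect asked about in the first comment is to check the session in middleware that runs before the authorize call, instead of inside authenticateHandler. This is an added example, not code from the thread or from node-oauth2-server; the `/login` and `/oauth/authorize` paths, the `req.session.user` shape and all function names are assumptions.

```javascript
// Added example. Paths, session shape and function names are assumptions.
const AUTHORIZE_PATH = '/oauth/authorize';
const LOGIN_PATH = '/login';
const PARSE_BASE = 'http://localhost'; // only used to parse relative URLs

// authenticateHandler-shaped object: handle() returns the session user.
const sessionAuthenticateHandler = {
  handle(req) {
    return (req.session && req.session.user) || null;
  },
};

// Accept only a same-server path to the authorization endpoint, so the
// login page cannot be used as an open redirector.
function safeReturnTo(originalUrl) {
  let url;
  try {
    url = new URL(String(originalUrl), PARSE_BASE);
  } catch (err) {
    return AUTHORIZE_PATH;
  }
  if (url.origin !== PARSE_BASE || url.pathname !== AUTHORIZE_PATH) {
    return AUTHORIZE_PATH;
  }
  return url.pathname + url.search; // keeps client_id, state, redirect_uri
}

// Express-style middleware placed before the authorize call: with no
// session user, send the browser to the login form and stop.
function requireLogin(req, res, next) {
  if (sessionAuthenticateHandler.handle(req)) {
    return next();
  }
  const returnTo = encodeURIComponent(safeReturnTo(req.originalUrl));
  return res.redirect(302, `${LOGIN_PATH}?returnTo=${returnTo}`);
}
```

The same `sessionAuthenticateHandler` object can then be passed as the `authenticateHandler` option, since by that point a session user is known to exist.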