First of all: thanks for documenting this in such detail. I went through a few OAuth examples, and this one is definitely the best one.
Now to the issue I have:
I am busy connecting everything to a database, and so far it works, except for one thing: when a user authorizes a client, only an access token is sent, no refresh token. I narrowed this down to the fact that validate.isRefreshToken() fails because the scope is null. I am still busy trying to figure out where exactly scope becomes undefined, but here is what I have found so far:
In oauth2.js, the authorization middleware:
```js
..
}), (req, res, next) => {
  // Render the decision dialog if the client isn't a trusted client
  // TODO: Make a mechanism so that if this isn't a trusted client, the user can record that
  // they have consented but also make a mechanism so that if the user revokes access to any of
  // the clients then they will have to re-consent.
  db.clients.findByClientId(req.query.client_id)
    .then((client) => { ....
      // client.scope is undefined
    }
```
Here, the scope in the client object is undefined for me; however, looking at the unmodified example, which uses memory storage, it is properly defined. I tried manually defining it like so: `client.scope = "offline_access"`, but that did not do the job; it gets lost somewhere later on.
What is more likely to be the problem is here in the same file:
Again, client.scope is undefined here. Any idea what the connection here might be, and how this can be tackled when working with a database? Which function passes the client object to the above function?
When I use: `db.authorizationCodes.save(code, client.id, redirectURI, user.id, "offline_access")`
it works, and the refresh_token gets sent as well, but that is only a temporary solution.
I thought about having another column in the clients table saving the scope; however, that is not a solution I would prefer.
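The failure described in this issue, reduced to a stand-alone sketch (an added example, not code from the project or from the poster). It assumes the client record carries a space-delimited `scope` field and that refresh tokens are gated on `offline_access`; every function name and sample record below is hypothetical.

```javascript
// Added example: hypothetical names, constructed records, no project code.
const OFFLINE = 'offline_access';

// Space-delimited scope string -> array; null/undefined/'' -> [].
function parseScope(scope) {
  return typeof scope === 'string' ? scope.split(' ').filter(Boolean) : [];
}

// Scope bound to the authorization code: the requested scope,
// limited to what the stored client record allows.
function grantedScope(requested, client) {
  const allowed = new Set(parseScope(client.scope));
  return parseScope(requested).filter((s) => allowed.has(s)).join(' ');
}

function issueCode(client, user, requested) {
  return { clientID: client.id, userID: user.id, scope: grantedScope(requested, client) };
}

// The temporary workaround from the issue: scope is a literal, so the
// client record no longer limits who receives a refresh token.
function issueCodeHardcoded(client, user) {
  return { clientID: client.id, userID: user.id, scope: OFFLINE };
}

// Stand-in for the refresh-token check: only codes whose bound scope
// contains offline_access qualify.
function wantsRefreshToken(code) {
  return parseScope(code.scope).includes(OFFLINE);
}

function exchange(code) {
  const tokens = { access_token: 'constructed-access-token' };
  if (wantsRefreshToken(code)) tokens.refresh_token = 'constructed-refresh-token';
  return tokens;
}

// Constructed records: in-memory shape, a DB row mapped without a scope
// field, and a client that is allowed 'profile' only.
const user = { id: 'u1' };
const memoryClient = { id: '1', clientId: 'abc123', scope: 'offline_access' };
const dbRowClient = { id: '1', clientId: 'abc123' };
const profileOnlyClient = { id: '2', clientId: 'xyz789', scope: 'profile' };

function demo() {
  return {
    memory: exchange(issueCode(memoryClient, user, 'offline_access')),
    dbRow: exchange(issueCode(dbRowClient, user, 'offline_access')),
    limited: exchange(issueCode(profileOnlyClient, user, 'profile offline_access')),
    hardcoded: exchange(issueCodeHardcoded(profileOnlyClient, user)),
  };
}
```

In `demo()`, the `dbRow` case reproduces the symptom (access token only), while `hardcoded` shows the cost of the workaround: a client whose record allows only `profile` still receives a refresh token.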