…' into the response data
This adds an optional `client_auth` event that is emitted whenever an access token request is made with grant_type=password. It is meant to be used only for client-side applications that can be trusted to handle a user's credentials directly. For example, this will generate an access token in one shot: $ curl -XPOST "http://1:1secret@localhost:8081/oauth/access_token" \ -d "grant_type=password&username=guest&password=leet" In addition, access token requests may now include client_id and client_secret as the username and password, respectively, in the HTTP Authorization header using Basic authentication.
Deprecate OAuth2Provider(crypt_key, sign_key) constructor in favor of one that accepts a single options object, containing the following keys: * crypt_key * sign_key * authorize_uri (optional, default: /oauth/authorize) * access_token_uri (optional, default: /oauth/access_token) Closes #17
Renamed express 2.x example, added express 3.x example.
Fixed access token duplicate generation
Add unit tests for login, and remove require of connect from index.js
…hen logging in
…ersions are correct
… test describing how provider inherits from eventemitter
For some reason, people might want to save the generated access token in a database, so the save_access_token event is now emitted. It is optional. Closes #10
Connect 2.0 is incompatible with this until further notice. Closes #11