Thanks for your work on this!
Small thing -- it looks like the grant_date has been encoded in the access_token so that implementers can expire or deny use of a given access token according to their needs. However, the grant_date is being parsed but not passed to the access_token callback here:
I'm guessing this was just overlooked and needs a quick fix, but is there some other reason for withholding this from the callback?
thanks for catching this omission!
to avoid breaking existing deployed code, i'll create a branch for v1 that you can track (i won't push it to npm for a while, though).
Change signature of access_token event and return grant_date.
Provide the access token grant date so implementations can decide when
to expire tokens if required.
Great, thank you.