Storing authentication information between middlewares

[steffansluis]

Currently, after calling node-oauth2-server handlers, some results are exposed via req.app.locals. As stated here, this persists throughout the lifetime of the application. res.locals only persists throughout the lifetime of the current request. It seems to me the second option should be used, since authentication is request specific. Is this an intentional decision?

[nunofgs]

Not intentional at all. Nice catch :)

You can submit a PR if you'd like. Otherwise I'll fix it soon.