v5.0.0 Release Candidate 1
auto changelog
- Compute the correct redirect_uri in case of resource over denies access
According to https://tools.ietf.org/html/rfc6749#section-4.1.2.1
once the redirect_uri & client_id is correct authorization server should
inform the client, that user denied access.
The change is to move validation of resource owner approval after the
redirect_uri & client identifier validation so the correct redirect url
is computed
-
fix: authorization_code grant should not be required in implicit flow
#522 -
Revert "fix; correct client ID check in refresh_token grant type"
#524 -
fix: authorization_code grant should not be required in implicit flow
#520 -
Bumped to 4.0.0-dev.2
0154165 -
Updated changelog
04eaf5a -
fix; correct client ID check in refresh_token grant type
#501 -
Switch to eslint
#508 -
Updated dependencies for 3.x
#519 -
oauthjs#288 Revoke handler
#289 -
docs: Correct tokens time scale for 2.x to 3.x migration guide
#471 -
Implicit grant flow v3 (rebased oauthjs#271)
#464 -
Number of arguments MUST be passed
#483 -
Specify arg count when promisifying generateAuthorizationCode
#493 -
Breaking Change: Set server_error Code to 500
#472 -
docs: Ensure accessTokenExpiresAt is required
#491 -
Correct generateAccessToken invocation
#1 -
Rectified the link to RFC 6750 paper
#465 -
Extend model object with request context
#462 -
fix: validate requested scope on authorize request
#451 -
fix: validate requested scope on authorize request
#3 -
Added package-lock.json
#454 -
Fix
hasOwnProperty is not a functionerror#430 -
fix: issue correct expiry dates for tokens
#444 -
set numArgs for promisify of generateAuthorizationCode
#431 -
Update README.md
#425 -
readme: Update Slack badge and link
#432 -
fix: issue correct expiry dates for tokens
#2 -
revoke-handler: implementation
3fc1f3e -
resolve merge conflict
c33a2cd -
Revert "Added package-lock.json"
ad7c3f2