Merge dev into master

.github/FUNDING.yml

@@ -0,0 +1,15 @@
+# These are supported funding model platforms
+
+github: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2]
+  - jankapunkt
+patreon: # Replace with a single Patreon username
+open_collective: # Replace with a single Open Collective username
+ko_fi: # Replace with a single Ko-fi username
+tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
+community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
+liberapay: # Replace with a single Liberapay username
+issuehunt: # Replace with a single IssueHunt username
+otechie: # Replace with a single Otechie username
+lfx_crowdfunding: # Replace with a single LFX Crowdfunding project-name e.g., cloud-foundry
+custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']
+  - https://paypal.me/kuesterjan

.github/workflows/tests-release.yml

@@ -26,7 +26,7 @@ jobs:
     - uses: actions/checkout@v3
     - uses: actions/setup-node@v3
       with:
-        node-version: '14'
+        node-version: 20
     # install to create local package-lock.json but don't cache the files
     # also: no audit for dev dependencies
     - run: npm i --package-lock-only  && npm audit --production
@@ -50,6 +50,13 @@ jobs:
       with:
         node-version: ${{ matrix.node }}
 
+    - name: Cache dependencies ${{ matrix.node }}
+      uses: actions/cache@v3
+      with:
+        path: ~/.npm
+        key: ${{ runner.os }}-node-${{ matrix.node }}-${{ hashFiles('**/package-lock.json') }}
+        restore-keys: |
+          ${{ runner.os }}-node-${{ matrix.node }}
     # for this workflow we also require npm audit to pass
     - run: npm i
     - run: npm run test:coverage
@@ -73,7 +80,7 @@ jobs:
     needs: [unittest]
     strategy:
       matrix:
-        node: [14] # TODO get running for node 16 once we removed bluebird dependency
+        node: [14, 16, 18] # TODO get running for node 16+
     steps:
     # checkout this repo
     - name: Checkout ${{ matrix.node }}
@@ -91,6 +98,14 @@ jobs:
       with:
         node-version: ${{ matrix.node }}
 
+    - name: Cache dependencies ${{ matrix.node }}
+      uses: actions/cache@v3
+      with:
+        path: ~/.npm
+        key: ${{ runner.os }}-node-${{ matrix.node }}-node-oauth/express-oauth-server-${{ hashFiles('github/testing/express/**/package-lock.json') }}
+        restore-keys: |
+          ${{ runner.os }}-node-${{ matrix.node }}-node-oauth/express-oauth-server
+
     # in order to test the adapter we need to use the current checkout
     # and install it as local dependency
     # we just cloned and install it as local dependency
@@ -110,7 +125,7 @@ jobs:
       - uses: actions/checkout@v3
       - uses: actions/setup-node@v3
         with:
-          node-version: 14
+          node-version: 16
           registry-url: https://registry.npmjs.org/
       - run: npm i
       - run: npm publish --dry-run
@@ -128,7 +143,7 @@ jobs:
     - uses: actions/setup-node@v3
       with:
         # we always publish targeting the lowest supported node version
-        node-version: 14
+        node-version: 16
         registry-url: $registry-url(npm)
     - run: npm i
     - run: npm publish --dry-run

.github/workflows/tests.yml

@@ -13,23 +13,46 @@ on:
       - release-* # on release we run an extended workflow so no need for this
 
 jobs:
+  lint:
+    name: Javascript standard lint
+    runs-on: ubuntu-latest
+    steps:
+      - name: checkout
+        uses: actions/checkout@v3
+
+      - name: setup node
+        uses: actions/setup-node@v3
+        with:
+          node-version: 20
+
+      - name: cache dependencies
+        uses: actions/cache@v3
+        with:
+          path: ~/.npm
+          key: ${{ runner.os }}-node-16-${{ hashFiles('**/package-lock.json') }}
+          restore-keys: |
+            ${{ runner.os }}-node-
+      - run: npm install
+      - run: npm run lint
+
   unittest:
     name: unit tests
     runs-on: ubuntu-latest
+    needs: [lint]
     strategy:
       matrix:
-        node: [14, 16, 18]
+        node: [16, 18, 20]
     steps:
     - name: Checkout ${{ matrix.node }}
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
 
     - name: Setup node ${{ matrix.node }}
-      uses: actions/setup-node@v1
+      uses: actions/setup-node@v3
       with:
         node-version: ${{ matrix.node }}
 
     - name: Cache dependencies ${{ matrix.node }}
-      uses: actions/cache@v1
+      uses: actions/cache@v3
       with:
         path: ~/.npm
         key: ${{ runner.os }}-node-${{ matrix.node }}-${{ hashFiles('**/package-lock.json') }}

README.md

@@ -3,6 +3,15 @@
 
 Complete, compliant and well tested module for implementing an OAuth2 server in [Node.js](https://nodejs.org).
 
+[![Tests](https://github.com/node-oauth/node-oauth2-server/actions/workflows/tests.yml/badge.svg)](https://github.com/node-oauth/node-oauth2-server/actions/workflows/tests.yml)
+[![CodeQL Semantic Analysis](https://github.com/node-oauth/node-oauth2-server/actions/workflows/codeql-analysis.yml/badge.svg)](https://github.com/node-oauth/node-oauth2-server/actions/workflows/codeql-analysis.yml)
+[![Tests for Release](https://github.com/node-oauth/node-oauth2-server/actions/workflows/tests-release.yml/badge.svg)](https://github.com/node-oauth/node-oauth2-server/actions/workflows/tests-release.yml)
+[![Documentation Status](https://readthedocs.org/projects/node-oauthoauth2-server/badge/?version=latest)](https://node-oauthoauth2-server.readthedocs.io/en/latest/?badge=latest)
+[![Project Status: Active – The project has reached a stable, usable state and is being actively developed.](https://www.repostatus.org/badges/latest/active.svg)](https://www.repostatus.org/#active)
+![npm Version](https://img.shields.io/npm/v/@node-oauth/oauth2-server?label=version)
+![npm Downloads/Week](https://img.shields.io/npm/dw/@node-oauth/oauth2-server)
+![GitHub License](https://img.shields.io/github/license/node-oauth/node-oauth2-server)
+
 NOTE: This project has been forked from [oauthjs/node-oauth2-server](https://github.com/oauthjs/node-oauth2-server) and is a continuation due to the project appearing to be abandoned. Please see [our issue board](https://github.com/node-oauth/node-oauth2-server/issues) to talk about next steps and the future of this project.
 
 ## Installation
@@ -11,7 +20,8 @@ NOTE: This project has been forked from [oauthjs/node-oauth2-server](https://git
 npm install @node-oauth/oauth2-server
 ```
 
-The *@node-oauth/oauth2-server* module is framework-agnostic but there are several officially supported wrappers available for popular HTTP server frameworks such as [Express](https://npmjs.org/package/express-oauth-server) and [Koa](https://npmjs.org/package/koa-oauth-server). If you're using one of those frameworks it is strongly recommended to use the respective wrapper module instead of rolling your own.
+The `@node-oauth/oauth2-server` module is framework-agnostic but there are several officially supported wrappers available for popular HTTP server frameworks such as [Express](https://www.npmjs.com/package/@node-oauth/express-oauth-server) and [Koa (not maintained by us)](https://npmjs.org/package/koa-oauth-server).
+If you're using one of those frameworks it is strongly recommended to use the respective wrapper module instead of rolling your own.
 
 
 ## Features
@@ -20,25 +30,28 @@ The *@node-oauth/oauth2-server* module is framework-agnostic but there are sever
 - Can be used with *promises*, *Node-style callbacks*, *ES6 generators* and *async*/*await* (using [Babel](https://babeljs.io)).
 - Fully [RFC 6749](https://tools.ietf.org/html/rfc6749.html) and [RFC 6750](https://tools.ietf.org/html/rfc6750.html) compliant.
 - Implicitly supports any form of storage, e.g. *PostgreSQL*, *MySQL*, *MongoDB*, *Redis*, etc.
+- Support for PKCE
 - Complete [test suite](https://github.com/node-oauth/node-oauth2-server/tree/master/test).
 
-
 ## Documentation
 
-[Documentation](https://oauth2-server.readthedocs.io) is hosted on Read the Docs.
-
+[Documentation](https://node-oauthoauth2-server.readthedocs.io/en/latest/) is hosted on Read the Docs.
+Please leave an issue if something is confusing or missing in the docs.
 
 ## Examples
 
-Most users should refer to our [Express](https://github.com/oauthjs/express-oauth-server/tree/master/examples) or [Koa](https://github.com/oauthjs/koa-oauth-server/tree/master/examples) examples.
+Most users should refer to our [Express (active)](https://github.com/node-oauth/express-oauth-server) or 
+[Koa (not maintained by us)](https://github.com/oauthjs/koa-oauth-server/tree/master/examples) examples.
 
 More examples can be found here: https://github.com/14gasher/oauth-example
 
-## Upgrading from 2.x
+## Migrating from OAuthJs and 3.x
 
-This module has been rewritten using a promise-based approach, introducing changes to the API and model specification. v2.x is no longer supported.
+Version 4.x should not be hard-breaking, however, there were many improvements and fixes that may
+be incompatible with specific behaviour in <= 3.x
 
-Please refer to our [3.0 migration guide](https://oauth2-server.readthedocs.io/en/latest/misc/migrating-v2-to-v3.html) for more information.
+For more info, please read the [changelog](./CHANGELOG.md) or open an issue, if you think something
+is unexpectedly not working.
 
 ## Supported NodeJs versions
 

package.json

@@ -14,7 +14,8 @@
     "Michael Salinger <mjsalinger@gmail.com>",
     "Nuno Sousa",
     "Max Truxa",
-    "Daniel Reguero"
+    "Daniel Reguero",
+    "Jan Küster <info@jankuester.com>"
   ],
   "main": "index.js",
   "types": "index.d.ts",
@@ -24,18 +25,18 @@
     "lib"
   ],
   "dependencies": {
-    "@node-oauth/formats": "^1.0.0",
+    "@node-oauth/formats": "1.0.0",
     "basic-auth": "2.0.1",
     "bluebird": "3.7.2",
     "promisify-any": "2.0.1",
     "type-is": "1.6.18"
   },
   "devDependencies": {
-    "chai": "^4.3.4",
-    "eslint": "^8.0.0",
-    "mocha": "^10.0.0",
-    "nyc": "^15.1.0",
-    "sinon": "^15.0.2"
+    "chai": "4.3.4",
+    "eslint": "8.4.1",
+    "mocha": "9.2.2",
+    "nyc": "15.1.0",
+    "sinon": "13.0.1"
   },
   "license": "MIT",
   "engines": {