merge

Author: Sam Bacha

.editorconfig

@@ -0,0 +1,14 @@
+# Editor configuration, see http://editorconfig.org
+root = true
+
+[*]
+charset = utf-8
+end_of_line = lf
+indent_style = space
+indent_size = 2
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+[*.md]
+max_line_length = off
+trim_trailing_whitespace = false

.gitignore

@@ -1,5 +1,24 @@
-node_modules/
+
+# IDE
+/.idea
+/.awcache
+/.vscode/*.code-workspace
+/.vscode/settings.json
+
+# misc
+npm-debug.log
+
+# folders
+/dist
+/node_modules
 docs/_build/
 __pycache__/
+
+# files
+.DS_Store
 *.pyc
+/aio
 
+# codecoverage
+/.nyc_output
+/coverage

.jshintignore

@@ -0,0 +1,10 @@
+{
+	"extends": "@istanbuljs/nyc-config-typescript",
+	"all": true,
+    "reporter": [
+		"lcovonly",
+		"html",
+		"text",
+		"text-summary"
+    ]
+} 

.jshintrc

@@ -0,0 +1,5 @@
+{
+  "singleQuote": true,
+  "trailingComma": "all",
+  "endOfLine": "lf"
+}

.nycrc

@@ -1,13 +1,8 @@
 language: node_js
 
 node_js:
-  - 4
-  - 4.0
-  - 6
-  - 6.0
-  - 7
-  - 7.0
   - 8
-  - 8.0
+  - 10
+  - 12
 
 sudo: false

.prettierrc

@@ -0,0 +1,22 @@
+# VSCode Configuration
+
+This folder contains opt-in [Workspace Settings](https://code.visualstudio.com/docs/getstarted/settings) and [Extension Recommendations](https://code.visualstudio.com/docs/editor/extension-gallery#_workspace-recommended-extensions) that our team recommends using when working on this repository.
+
+## Usage
+
+To use the recommended settings follow the steps below:
+
+- copy `.vscode/recommended-settings.json` to `.vscode/settings.json`
+- restart the editor
+
+If you already have your custom workspace settings you should instead manually merge the file content.
+
+This isn't an automatic process so you will need to repeat it when settings are updated.
+
+To see the recommended extensions select "Extensions: Show Recommended Extensions" in the [Command Palette](https://code.visualstudio.com/docs/getstarted/userinterface#_command-palette).
+
+## Editing `.vscode/recommended-settings.json`
+
+If you wish to add extra configuration items please keep in mind any settings you add here will be used by many users.
+
+Try to keep these settings to things that help facilitate the development process and avoid altering the user workflow whenever possible.

.travis.yml

@@ -0,0 +1,11 @@
+{
+  // See http://go.microsoft.com/fwlink/?LinkId=827846 to learn about workspace recommendations.
+  // Extension identifier format: ${publisher}.${name}. Example: vscode.csharp
+
+  // List of extensions which should be recommended for users of this workspace.
+  "recommendations": [
+    "editorconfig.editorconfig",
+    "esbenp.prettier-vscode",
+    "ms-vscode.vscode-typescript-tslint-plugin"
+  ]
+}

.vscode/README.md

@@ -0,0 +1,23 @@
+{
+  "version": "0.2.0",
+  "configurations": [
+    {
+      "type": "node",
+      "request": "launch",
+      "name": "Mocha Tests",
+      "program": "${workspaceFolder}/node_modules/mocha/bin/_mocha",
+      "args": [
+        "--require",
+        "ts-node/register",
+        "-u",
+        "tdd",
+        "--timeout",
+        "999999",
+        "--colors",
+        "--recursive",
+        "${workspaceFolder}/test/**/*.spec.ts"
+      ],
+      "internalConsoleOptions": "openOnSessionStart"
+    }
+  ]
+}

.vscode/extensions.json

@@ -0,0 +1,39 @@
+{
+  "files.exclude": {
+    "**/.git": true,
+    "**/.DS_Store": true,
+    "**/node_modules": true,
+    "dist": true
+  },
+  "files.watcherExclude": {
+    "**/.git/**": true,
+    "**/node_modules/**": true,
+    "**/dist/**": true
+  },
+  "search.exclude": {
+    "**/node_modules": true,
+    "**/dist": true
+  },
+  "editor.formatOnSave": false,
+  "typescript.format.enable": false,
+  "editor.formatOnPaste": false,
+  "[typescript]": {
+    "editor.formatOnSave": true,
+    "editor.codeActionsOnSave": {
+      "source.organizeImports": true,
+      "source.fixAll.tslint": true
+    }
+  },
+  "[json]": {
+    "editor.formatOnSave": true
+  },
+  "[jsonc]": {
+    "editor.formatOnSave": true
+  },
+  "[javascript]": {
+    "editor.formatOnSave": true
+  },
+  "prettier.singleQuote": true,
+  "prettier.trailingComma": "all",
+  "prettier.printWidth": 80
+}

.vscode/launch.json

@@ -1,5 +1,38 @@
 ## Changelog
 
+### 5.0.0
+* BREAKING: Remove support for node v6
+* BREAKING: Remove support for callbacks only support native Promises
+* new: Rewrote in TypeScript
+* new: Switch from Eslint to Tslint
+* new: added .vscode folder for recommend extensions and recommend setting required for development
+* new: added suitable TypeScript Interfaces for various Objects
+
+### 4.0.0
+* BREAKING: Set server_error Code to 500
+* BREAKING: Remove support for node v4
+* new: Added revoke-handler to revoke access token
+* new: Added implicit grant flow
+* new: Switch from jshint to eslin
+* fix: authorization_code grant should not be required in implicit flowt
+
+### 3.1.0
+* new: Added package-lock.json
+* new: Extend model object with request context
+* new: .npmignore tests
+* fix: validate requested scope on authorize request
+* fix: issue correct expiry dates for tokens
+* fix: set numArgs for promisify of generateAuthorizationCode
+* fix: Changed 'hasOwnProperty' call in Response
+* docs: Ensure accessTokenExpiresAt is required
+* docs: Add missing notice of breaking change for accessExpireLifetime to migration guide
+* docs: Correct tokens time scale for 2.x to 3.x  migration guide
+* readme: Update Slack badge and link
+* readme: Fix link to RFC6750 standard
+
+### 3.0.1
+* Updated dependencies
+
 ### 3.0.0
 * Complete re-write, with Promises and callback support
 * Dropped support for node v0.8, v0.10, v0.12

.vscode/recommended-settings.json

@@ -20,9 +20,9 @@ The *oauth2-server* module is framework-agnostic but there are several officiall
 
 ## Features
 
-- Supports `authorization_code`, `client_credentials`, `refresh_token` and `password` grant, as well as *extension grants*, with scopes.
+- Supports `authorization_code`, `client_credentials`, `refresh_token`, `implicit` and `password` grant, as well as *extension grants*, with scopes.
 - Can be used with *promises*, *Node-style callbacks*, *ES6 generators* and *async*/*await* (using [Babel](https://babeljs.io)).
-- Fully [RFC 6749](https://tools.ietf.org/html/rfc6749.html) and [RFC 6750](https://tools.ietf.org/html/rfc6749.html) compliant.
+- Fully [RFC 6749](https://tools.ietf.org/html/rfc6749.html) and [RFC 6750](https://tools.ietf.org/html/rfc6750.html) compliant.
 - Implicitly supports any form of storage, e.g. *PostgreSQL*, *MySQL*, *MongoDB*, *Redis*, etc.
 - Complete [test suite](https://github.com/oauthjs/node-oauth2-server/tree/master/test).
 
@@ -63,6 +63,6 @@ npm test
 [travis-url]: https://travis-ci.org/oauthjs/node-oauth2-server
 [license-image]: https://img.shields.io/badge/license-MIT-blue.svg
 [license-url]: https://raw.githubusercontent.com/oauthjs/node-oauth2-server/master/LICENSE
-[slack-image]: https://img.shields.io/badge/slack-join-E01563.svg
-[slack-url]: https://oauthjs.slack.com
+[slack-image]: https://slack.oauthjs.org/badge.svg
+[slack-url]: https://slack.oauthjs.org
 

CHANGELOG.md

@@ -0,0 +1,8 @@
+
+Todo:
+  ✔ Add a todo
+  ✔ A Basic Rewrite of library in TypeScript
+  ✔ A Basic Rewrite of tests in TypeScript
+  ☐ Add examples for nestjs, expressjs, koa and others
+  ☐ Add Migration guide
+  ☐ Review all Docs

LICENSE

@@ -128,25 +128,27 @@ Authorizes a token request.
 
 **Arguments:**
 
-+-----------------------------------------+-----------------+-----------------------------------------------------------------------------+
-| Name                                    | Type            | Description                                                                 |
-+=========================================+=================+=============================================================================+
-| request                                 | :doc:`request`  | Request object.                                                             |
-+-----------------------------------------+-----------------+-----------------------------------------------------------------------------+
-| [request.query.allowed=undefined]       | String          | ``'false'`` to deny the authorization request (see remarks section).        |
-+-----------------------------------------+-----------------+-----------------------------------------------------------------------------+
-| response                                | :doc:`response` | Response object.                                                            |
-+-----------------------------------------+-----------------+-----------------------------------------------------------------------------+
-| [options={}]                            | Object          | Handler options.                                                            |
-+-----------------------------------------+-----------------+-----------------------------------------------------------------------------+
-| [options.authenticateHandler=undefined] | Object          | The authenticate handler (see remarks section).                             |
-+-----------------------------------------+-----------------+-----------------------------------------------------------------------------+
-| [options.allowEmptyState=false]         | Boolean         | Allow clients to specify an empty ``state``.                                |
-+-----------------------------------------+-----------------+-----------------------------------------------------------------------------+
-| [options.authorizationCodeLifetime=300] | Number          | Lifetime of generated authorization codes in seconds (default = 5 minutes). |
-+-----------------------------------------+-----------------+-----------------------------------------------------------------------------+
-| [callback=undefined]                    | Function        | Node-style callback to be used instead of the returned ``Promise``.         |
-+-----------------------------------------+-----------------+-----------------------------------------------------------------------------+
++-----------------------------------------+-----------------+--------------------------------------------------------------------------------+
+| Name                                    | Type            | Description                                                                    |
++=========================================+=================+================================================================================+
+| request                                 | :doc:`request`  | Request object.                                                                |
++-----------------------------------------+-----------------+--------------------------------------------------------------------------------+
+| [request.query.allowed=undefined]       | String          | ``'false'`` to deny the authorization request (see remarks section).           |
++-----------------------------------------+-----------------+--------------------------------------------------------------------------------+
+| response                                | :doc:`response` | Response object.                                                               |
++-----------------------------------------+-----------------+--------------------------------------------------------------------------------+
+| [options={}]                            | Object          | Handler options.                                                               |
++-----------------------------------------+-----------------+--------------------------------------------------------------------------------+
+| [options.authenticateHandler=undefined] | Object          | The authenticate handler (see remarks section).                                |
++-----------------------------------------+-----------------+--------------------------------------------------------------------------------+
+| [options.allowEmptyState=false]         | Boolean         | Allow clients to specify an empty ``state``.                                   |
++-----------------------------------------+-----------------+--------------------------------------------------------------------------------+
+| [options.authorizationCodeLifetime=300] | Number          | Lifetime of generated authorization codes in seconds (default = 5 minutes).    |
++-----------------------------------------+-----------------+--------------------------------------------------------------------------------+
+| [options.accessTokenLifetime=3600]      | Number          | Lifetime of generated implicit grant access token in seconds (default = 1 hr). |
++-----------------------------------------+-----------------+--------------------------------------------------------------------------------+
+| [callback=undefined]                    | Function        | Node-style callback to be used instead of the returned ``Promise``.            |
++-----------------------------------------+-----------------+--------------------------------------------------------------------------------+
 
 **Return value:**
 

README.md

@@ -28,19 +28,23 @@ The naming of the exposed middlewares has changed to match the OAuth2 _RFC_ more
 Server options
 --------------
 
-The following server options can be set when instantiating the OAuth service:  
+The following server options can be set when instantiating the OAuth service:
 
 * `addAcceptedScopesHeader`: **default true** Add the `X-Accepted-OAuth-Scopes` header with a list of scopes that will be accepted
 * `addAuthorizedScopesHeader`: **default true** Add the `X-OAuth-Scopes` header with a list of scopes that the user is authorized for
 * `allowBearerTokensInQueryString`: **default false** Determine if the bearer token can be included in the query string (i.e. `?access_token=`) for validation calls
 * `allowEmptyState`: **default false** If true, `state` can be empty or not passed.  If false, `state` is required.
-* `authorizationCodeLifetime`: **default 300** Default number of milliseconds that the authorization code is active for
-* `accessTokenLifetime`: **default 3600** Default number of milliseconds that an access token is valid for
-* `refreshTokenLifetime`: **default 1209600** Default number of milliseconds that a refresh token is valid for
+* `authorizationCodeLifetime`: **default 300** Default number of seconds that the authorization code is active for
+* `accessTokenLifetime`: **default 3600** Default number of seconds that an access token is valid for
+* `refreshTokenLifetime`: **default 1209600** Default number of seconds that a refresh token is valid for
 * `allowExtendedTokenAttributes`: **default false** Allows additional attributes (such as `id_token`) to be included in token responses.
-* `requireClientAuthentication`: **default true for all grant types** Allow ability to set client/secret authentication to `false` for a specific grant type.   
+* `requireClientAuthentication`: **default true for all grant types** Allow ability to set client/secret authentication to `false` for a specific grant type.
 
-The following server options have been removed in v3.0.0
+The following server options have changed behavior in v3.0.0:
+
+ * `accessTokenLifetime` can no longer be set to `null` to indicate a non-expiring token. The recommend alternative is to set accessTokenLifetime to a high value.
+
+The following server options have been removed in v3.0.0:
 
 * `grants`: **removed** (now returned by the `getClient` method).
 * `debug`: **removed** (not the responsibility of this module).
@@ -56,7 +60,7 @@ Model specification
 * `generateAuthorizationCode()` is **optional** and should return a `String`.
 * `generateRefreshToken(client, user, scope)` is **optional** and should return a `String`.
 * `getAccessToken(token)` should return an object with:
-    
+
   * `accessToken` (`String`)
   * `accessTokenExpiresAt` (`Date`)
   * `client` (`Object`),  containing at least an `id` property that matches the supplied client
@@ -71,7 +75,7 @@ Model specification
   * `user` (`Object`)
 
 * `getClient(clientId, clientSecret)` should return an object with, at minimum:
-  
+
   * `redirectUris` (`Array`)
   * `grants` (`Array`)
 
@@ -84,11 +88,11 @@ Model specification
   * `user` (`Object`)
 
 * `getUser(username, password)` should return an object:
- 
+
   * No longer requires that `id` be returned.
 
 * `getUserFromClient(client)` should return an object:
-    
+
   * No longer requires that `id` be returned.
 
 * `grantTypeAllowed()` was **removed**. You can instead: