Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OAuth2: create an access token verification middleware #903

Open
porcellus opened this issue Aug 1, 2024 · 0 comments
Open

OAuth2: create an access token verification middleware #903

porcellus opened this issue Aug 1, 2024 · 0 comments

Comments

@porcellus
Copy link
Collaborator

porcellus commented Aug 1, 2024
edited
Loading

  • It should be very similar to the session verification middleware
    • Take a look at how that is solved for different frameworks
      • If it's a lot of work for each framework, please get the stuff reviewed before implementing them all
  • It should make use of the validateOAuth2AccessToken function exposed by the OAuth2Provider recipe
  • It should take all the options of validateOAuth2AccessToken
  • It should set/save the token payload the same way as verifySession does.
  • It should take an additional isRequired flag:
    • This will default to true (so it is optional)
    • Setting it to false will allow requests through even if there are no tokens present
    • I'll confirm this tomorrow, but when there is an invalid token present, we should reject the request even if isRequired is set to false
    • The name feels weird. See if you can figure out something better
  • We also need to set the WWW-Authenticate header if it fails
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@porcellus