OAuth2 basic strategy and password grant_type


November 2018




I'm developing an application using oauth2orize with BasicStrategy and grant_type=password, and I'm having some trouble with this part of the code:

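  passport.use('client-basic', new BasicStrategy((username, password, callback) => {
      // `client` is the record looked up by client id (`username`); the lookup is not shown in this excerpt.
      // Reject an unknown client or a wrong client secret.
      if (!client || client.secret !== password) { return callback(null, false); }
      return callback(null, client);
  }));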

In this code (taken from the git examples), I test the equality between client credentials and user credentials (username + client id, user password with client secret).

It means that I can have only one user per client application.

I don't want only one user per application. In fact, many users can connect to the same application (at a credential level), sharing content, etc.

I don't know how to implement this in this strategy.

I think that I'm misunderstanding something in the process concerning the term "application".

0 answers
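
As an added illustration (not part of the original post and not oauth2orize's own code): in the password grant of RFC 6749, the HTTP Basic header carries the client application's id and secret, while the user's username and password travel in the token request body, so one client can serve many users. The sketch uses no libraries; `clients`, `users`, `safeEqual`, `basic`, `authenticateClient` and `handleTokenRequest` are hypothetical names, and all credentials are constructed.

```javascript
// Constructed sample data: ONE client application, SEVERAL users.
// A real store keeps salted password hashes, never plaintext.
const clients = new Map([['web-app', { id: 'web-app', secret: 'client-s3cret' }]]);
const users = new Map([
  ['alice', { id: 1, password: 'alice-pw' }],
  ['bob', { id: 2, password: 'bob-pw' }],
]);

// Comparison without an early exit on the first differing byte.
function safeEqual(a, b) {
  const x = Buffer.from(a), y = Buffer.from(b);
  let diff = x.length ^ y.length;
  for (let i = 0; i < x.length; i++) diff |= x[i] ^ y[i % (y.length || 1)];
  return diff === 0;
}

// Helper for building the header a client would send.
const basic = (id, secret) => 'Basic ' + Buffer.from(`${id}:${secret}`).toString('base64');

// Step 1: authenticate the CLIENT from "Authorization: Basic base64(client_id:client_secret)".
function authenticateClient(header) {
  const [scheme, b64] = String(header || '').split(' ');
  if (!/^basic$/i.test(scheme) || !b64) return null;
  const decoded = Buffer.from(b64, 'base64').toString('utf8');
  const sep = decoded.indexOf(':');
  if (sep < 0) return null;
  const client = clients.get(decoded.slice(0, sep));
  return client && safeEqual(client.secret, decoded.slice(sep + 1)) ? client : null;
}

// Step 2: authenticate the USER from the form-encoded body of the token request.
function handleTokenRequest(header, body) {
  const client = authenticateClient(header);
  if (!client) return { status: 401, error: 'invalid_client' };
  const form = new URLSearchParams(body);
  if (form.get('grant_type') !== 'password') {
    return { status: 400, error: 'unsupported_grant_type' };
  }
  const user = users.get(form.get('username'));
  if (!user || !safeEqual(user.password, form.get('password') || '')) {
    return { status: 400, error: 'invalid_grant' };
  }
  // A real server would issue an access token bound to both identities here.
  return { status: 200, clientId: client.id, userId: user.id };
}
```

In oauth2orize the second step corresponds to the callback registered with `oauth2orize.exchange.password`, which receives the already-authenticated client together with the username and password from the body.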