OAuth2 basic strategy and password grant_type

Refresh

November 2018

Views

236 time

3

I m developping an application using oauth2orize using BasicStrategy and grant_type=password and I m having some trouble with this part of code :

  passport.use('client-basic', new BasicStrategy((username, password, callback) => {
      authSrv.findClientByMail(username).then((client)=>{
        if (!client || client.secret !== password) { return callback(null, false); }
        return callback(null, client);
      },(err)=>{
        return callback(null, false);
      });
    }

In this code (taken from the git examples), I test the equality between client credentials and user credentials (username + client id, userpassword with client secret)

It means that I can have only one user per client application.

I don't want only one user per application. In fact, many users can connect the same application (at a credential level), sharing content etc...

I don't know how to implement this in this strategy ?

I think that I m missunderstanding something in the process concerning the "application" term...

0 answers