Example #1
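// Registers the handler for the OAuth 2.0 resource owner password credentials
// grant: the client submits the user's username and password and, when they
// check out, receives an access token (and optionally a refresh token).
//
// Callback contract as used below:
//   done(err)                                  - lookup or storage failure
//   done(null, false)                          - credentials rejected
//   done(null, accessToken, refreshToken, params) - tokens issued; refreshToken
//                                                may be null
//
// NOTE(review): nothing in this handler checks `client` or throttles repeated
// failures; presumably client authentication and rate limiting happen in
// middleware in front of the token endpoint. Confirm before reuse.
server.exchange(oauth2orize.exchange.password(function(client, username, password, scope, done) {
    db.users.findByUsername(username, function (lookupErr, user) {
        if (lookupErr) {
            return done(lookupErr);
        }
        // An unknown user and a wrong password produce the same result, so the
        // response does not reveal which usernames exist.
        if (!user) {
            return done(null, false);
        }
        // NOTE(review): this compares the submitted password with the stored
        // value directly, which implies the user store holds plaintext
        // passwords, and `!==` is not a constant-time comparison. A production
        // user store should keep a salted password hash (for example the
        // standard library's crypto.scrypt) and verify against that instead.
        if (password !== user.password) {
            return done(null, false);
        }

        // A refresh token is issued only when the "offline_access" scope was
        // requested (mirrors OpenID Connect). The scope list is normalised
        // first so the check is an exact match on a scope name wherever it
        // appears; the previous `indexOf(...) === 0` test only recognised it
        // in the first position.
        var requestedScopes = [];
        if (Array.isArray(scope)) {
            requestedScopes = scope;
        } else if (scope) {
            requestedScopes = String(scope).split(/\s+/);
        }
        var wantsRefreshToken = requestedScopes.indexOf("offline_access") !== -1;

        var token = utils.uid(config.token.accessTokenLength);
        var tokenParams = {expires_in: config.token.expiresIn};

        db.accessTokens.save(token, config.token.calculateExpirationDate(), user.id, client.id, scope, function (saveErr) {
            if (saveErr) {
                return done(saveErr);
            }
            if (!wantsRefreshToken) {
                return done(null, token, null, tokenParams);
            }
            var refreshToken = utils.uid(config.token.refreshTokenLength);
            db.refreshTokens.save(refreshToken, user.id, client.id, scope, function (refreshErr) {
                if (refreshErr) {
                    return done(refreshErr);
                }
                return done(null, token, refreshToken, tokenParams);
            });
        });
    });
}));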
Example #2
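 // Username/password verify callback (the signature matches the style used by
 // Passport's local strategy; confirm against the caller, which is not shown).
 //
 //   done(err)          - user lookup failed
 //   done(null, false)  - credentials rejected
 //   done(null, user)   - credentials accepted
 function (username, password, done) {
   db.users.findByUsername(username, function (err, user) {
     if (err) {
       return done(err);
     }
     // Same result for an unknown user and a wrong password, so callers cannot
     // tell which usernames exist.
     if (!user) {
       return done(null, false);
     }
     // Only a string can be a valid password. With the previous loose `!=`
     // comparison a non-string value from a parsed request body (a number or a
     // one-element array, say) could be coerced into matching the stored
     // string.
     if (typeof password !== 'string') {
       return done(null, false);
     }
     // NOTE(review): the stored value is compared directly, which implies
     // plaintext password storage; a production user store should verify
     // against a salted password hash instead.
     if (user.password !== password) {
       return done(null, false);
     }
     return done(null, user);
   });
 }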