Skip to main content

Upgrade Guide

Migrating from v2 to v3

This package is now pure ESM

The package is now entirely ESM (ECMAScript Modules). More details about this change can be found in Sindre Sorhus's writeup.

AuthorizationServer Updates

In v2.x, AuthorizationServer constructor required all repositories. In v3.x, it has been simplified.

Before (v2.x):

const authorizationServer = new AuthorizationServer(
authCodeRepository,
clientRepository,
accessTokenRepository,
scopeRepository,
userRepository,
jwtService,
{
requiresS256: false,
tokenCID: "name",
},
);

After (v3.x):

const authorizationServer = new AuthorizationServer(
clientRepository,
accessTokenRepository,
scopeRepository,
new JwtService("secret-key"),
{
requiresS256: true,
tokenCID: "id",
},
);

Enabling Grants

In v3, enableGrantType has been updated for the "authorization_code" and "password" grants.

Authorization Code Grant

AuthorizationCodeGrant now requires a AuthorizationCodeRepository and a UserRepository.

Before (v2.x):

authorizationServer.enableGrantType("authorization_code");

After (v3.x):

authorizationServer.enableGrantType({
grant: "authorization_code",
userRepository,
authorizationCodeRepository,
});

Password Grant

PasswordGrant now requires a UserRepository.

Before (v2.x):

authorizationServer.enableGrantType("password");

After (v3.x):

authorizationServer.enableGrantType({
grant: "password",
userRepository,
});

AuthorizationServerOptions Default Configuration Updates

The default options for AuthorizationServer have been modified to better align with the OAuth 2.0 specification:

Optionv2.x Valuev3.x Value
requiresS256falsetrue
tokenCID"name""id"

Removed setOptions Method

The undocumented, public method setOptions has been removed in v3. Options can be set during AuthorizationServer initialization.

generateRandomToken Function Fix

A bug in the generateRandomToken function has been fixed in v3.x.