I'm developing an application using oauth2orize using BasicStrategy and grant_type=password and I'm having some trouble with this part of the code:
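    passport.use('client-basic', new BasicStrategy((username, password, callback) => {
      // Look up the record matching the username from the Basic Authorization header
      authSrv.findClientByMail(username).then((client) => {
        // Reject when no record is found or the secret does not match
        if (!client || client.secret !== password) { return callback(null, false); }
        return callback(null, client);
      }, (err) => {
        return callback(null, false);
      });
    }));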
In this code (taken from the git examples), I test the equality between client credentials and user credentials (username + client id, user password with client secret).
It means that I can have only one user per client application.
I don't want only one user per application. In fact, many users can connect to the same application (at a credential level), sharing content, etc.
I don't know how to implement this in this strategy.
I think that I'm misunderstanding something in the process concerning the "application" term...