Version 1.6.1 of passport-oauth2 has been released. This version responds immediately with an HTTP error in situations when, upon exchanging the authorization code for an access token, the authorization server responds with a successful response, but that response is missing an…

After the release of v0.5.1, there were reports of breaking changes. From the perspective of the passport package itself, there should not have been any breakage. After investigating the reports, however, it was confirmed that issues arose when using certain strategies — passport-azure-ad (which is…

This release improves Passport’s internals to avoid monkey patching Node.js core modules. In prior versions of Passport, the IncomingMessage class of the HTTP module was patched, adding login(), logIn(), logout(), logOut(), isAuthenticated(), and isUnauthenticated() functions to the prototype. While…

Following up on yesterday’s release of passport-oauth2 version 1.6.0, which introduced application-level state storage, the same capability is now available in passport-oauth1 version 1.2.0.

This release continues the work started by v0.5.0, and simplifies the application-level middleware needed to configure Passport. In particular, passport.initialize() is no longer required. The only middleware that would typically be used at the application-level is now passport.session(), which is…