{"id":1088684,"name":"@node-oauth/oauth2-server","ecosystem":"npm","description":"Complete, framework-agnostic, compliant and well tested module for implementing an OAuth2 Server in node.js","homepage":"https://github.com/node-oauth/node-oauth2-server#readme","licenses":"MIT","normalized_licenses":["MIT"],"repository_url":"https://github.com/node-oauth/node-oauth2-server","keywords_array":["oauth","oauth2"],"namespace":"node-oauth","versions_count":21,"first_release_published_at":"2021-10-08T12:06:11.860Z","latest_release_published_at":"2026-04-15T05:45:58.243Z","latest_release_number":"5.3.0","last_synced_at":"2026-05-26T01:11:56.106Z","created_at":"2022-04-08T10:27:03.990Z","updated_at":"2026-05-26T14:14:11.141Z","registry_url":"https://www.npmjs.com/package/@node-oauth/oauth2-server","install_command":"npm install @node-oauth/oauth2-server","documentation_url":null,"metadata":{"funding":null,"dist-tags":{"maintenance":"4.3.3","latest":"5.3.0","next":"5.2.2-rc.0"}},"repo_metadata":{"id":38360015,"uuid":"414962042","full_name":"node-oauth/node-oauth2-server","owner":"node-oauth","description":"🚀 The successor to oauthjs/oauth2-server. 🔒 Complete, compliant, maintained and well tested OAuth2 Server for node.js.  Includes native async await and PKCE.","archived":false,"fork":false,"pushed_at":"2024-08-09T18:04:04.000Z","size":1961,"stargazers_count":285,"open_issues_count":13,"forks_count":39,"subscribers_count":9,"default_branch":"master","last_synced_at":"2024-09-02T10:01:37.303Z","etag":null,"topics":["async","authentication","authorization-code-flow","authorization-code-grant","await","client-credentials-grant","hacktoberfest","javascript","node","nodejs","npm-package","oauth","oauth2","password-grant","pkce","token-grant"],"latest_commit_sha":null,"homepage":"https://www.npmjs.com/package/@node-oauth/oauth2-server","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":"oauthjs/node-oauth2-server","license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/node-oauth.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":["jankapunkt"],"patreon":null,"open_collective":null,"ko_fi":null,"tidelift":null,"community_bridge":null,"liberapay":null,"issuehunt":null,"otechie":null,"lfx_crowdfunding":null,"custom":["https://paypal.me/kuesterjan"]}},"created_at":"2021-10-08T11:34:28.000Z","updated_at":"2024-08-31T20:15:23.000Z","dependencies_parsed_at":"2023-11-06T06:31:17.872Z","dependency_job_id":"446ba41e-05ef-43c1-ac63-f9a21d9fd92f","html_url":"https://github.com/node-oauth/node-oauth2-server","commit_stats":{"total_commits":659,"total_committers":77,"mean_commits":8.558441558441558,"dds":0.7830045523520486,"last_synced_commit":"9a448b4fc6dcd82b8890dac14a13dccb3a276928"},"previous_names":[],"tags_count":53,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/node-oauth","download_url":"https://codeload.github.com/node-oauth/node-oauth2-server/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":217647980,"owners_count":16209945,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"node-oauth","name":"node-oauth","uuid":"92159871","kind":"organization","description":null,"email":null,"website":null,"location":null,"twitter":null,"company":null,"icon_url":"https://avatars.githubusercontent.com/u/92159871?v=4","repositories_count":2,"last_synced_at":"2023-03-06T20:21:17.425Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/node-oauth","funding_links":[],"total_stars":null,"followers":null,"following":null,"created_at":"2022-11-16T21:04:45.325Z","updated_at":"2023-03-06T20:21:17.519Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/node-oauth","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/node-oauth/repositories"},"tags":[{"name":"v5.2.0","sha":"9a448b4fc6dcd82b8890dac14a13dccb3a276928","kind":"commit","published_at":"2024-07-31T12:53:43.000Z","download_url":"https://codeload.github.com/node-oauth/node-oauth2-server/tar.gz/v5.2.0","html_url":"https://github.com/node-oauth/node-oauth2-server/releases/tag/v5.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v5.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v5.2.0/manifests"},{"name":"v5.1.0","sha":"c30c73ce7c520813da85617a517ab639172a27a2","kind":"commit","published_at":"2024-02-27T07:26:39.000Z","download_url":"https://codeload.github.com/node-oauth/node-oauth2-server/tar.gz/v5.1.0","html_url":"https://github.com/node-oauth/node-oauth2-server/releases/tag/v5.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v5.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v5.1.0/manifests"},{"name":"v5.1.0-rc.0","sha":"9562aa9f8b779b3f4015c4a1a940e515dcf2959e","kind":"commit","published_at":"2023-11-28T08:15:53.000Z","download_url":"https://codeload.github.com/node-oauth/node-oauth2-server/tar.gz/v5.1.0-rc.0","html_url":"https://github.com/node-oauth/node-oauth2-server/releases/tag/v5.1.0-rc.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v5.1.0-rc.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v5.1.0-rc.0/manifests"},{"name":"v4.3.3","sha":"267d683114d521c9be6838877f0bdc105e4f16e8","kind":"commit","published_at":"2023-11-07T10:33:11.000Z","download_url":"https://codeload.github.com/node-oauth/node-oauth2-server/tar.gz/v4.3.3","html_url":"https://github.com/node-oauth/node-oauth2-server/releases/tag/v4.3.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v4.3.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v4.3.3/manifests"},{"name":"v5.0.0","sha":"848a03a93ea4cd75b5a4ed281bc0e1d398a5d881","kind":"commit","published_at":"2023-11-07T09:49:57.000Z","download_url":"https://codeload.github.com/node-oauth/node-oauth2-server/tar.gz/v5.0.0","html_url":"https://github.com/node-oauth/node-oauth2-server/releases/tag/v5.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v5.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v5.0.0/manifests"},{"name":"v5.0.0-rc.5","sha":"ca43d4aa08c8eea0b3715442c0de7dc7278f79a6","kind":"commit","published_at":"2023-11-01T07:46:39.000Z","download_url":"https://codeload.github.com/node-oauth/node-oauth2-server/tar.gz/v5.0.0-rc.5","html_url":"https://github.com/node-oauth/node-oauth2-server/releases/tag/v5.0.0-rc.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v5.0.0-rc.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v5.0.0-rc.5/manifests"},{"name":"v5.0.0-rc.4","sha":"1c409269c71e70449b7f79c45cb77a9687bfe15b","kind":"commit","published_at":"2023-09-29T06:54:34.000Z","download_url":"https://codeload.github.com/node-oauth/node-oauth2-server/tar.gz/v5.0.0-rc.4","html_url":"https://github.com/node-oauth/node-oauth2-server/releases/tag/v5.0.0-rc.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v5.0.0-rc.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v5.0.0-rc.4/manifests"},{"name":"v5.0.0-rc.3","sha":"028e020558395263a83160db0d3a642d444069db","kind":"commit","published_at":"2023-08-29T07:29:51.000Z","download_url":"https://codeload.github.com/node-oauth/node-oauth2-server/tar.gz/v5.0.0-rc.3","html_url":"https://github.com/node-oauth/node-oauth2-server/releases/tag/v5.0.0-rc.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v5.0.0-rc.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v5.0.0-rc.3/manifests"},{"name":"v4.3.2","sha":"c53360700cd203b4833c1503d2cf5a573d5b1968","kind":"commit","published_at":"2023-08-26T12:24:37.000Z","download_url":"https://codeload.github.com/node-oauth/node-oauth2-server/tar.gz/v4.3.2","html_url":"https://github.com/node-oauth/node-oauth2-server/releases/tag/v4.3.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v4.3.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v4.3.2/manifests"},{"name":"v4.3.1","sha":"25c366115da40dbb68efff8025db439232ded7cd","kind":"commit","published_at":"2023-08-26T07:37:34.000Z","download_url":"https://codeload.github.com/node-oauth/node-oauth2-server/tar.gz/v4.3.1","html_url":"https://github.com/node-oauth/node-oauth2-server/releases/tag/v4.3.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v4.3.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v4.3.1/manifests"},{"name":"v5.0.0-rc.2","sha":"c6682a62835086a7ac0a11990fe0ac087358ceeb","kind":"commit","published_at":"2023-08-15T12:04:07.000Z","download_url":"https://codeload.github.com/node-oauth/node-oauth2-server/tar.gz/v5.0.0-rc.2","html_url":"https://github.com/node-oauth/node-oauth2-server/releases/tag/v5.0.0-rc.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v5.0.0-rc.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v5.0.0-rc.2/manifests"},{"name":"v5.0.0-rc.1","sha":"7ebf3aa50983f8832ecb3e8e1a861638f20b65e0","kind":"commit","published_at":"2023-08-02T14:38:48.000Z","download_url":"https://codeload.github.com/node-oauth/node-oauth2-server/tar.gz/v5.0.0-rc.1","html_url":"https://github.com/node-oauth/node-oauth2-server/releases/tag/v5.0.0-rc.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v5.0.0-rc.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v5.0.0-rc.1/manifests"},{"name":"v5.0.0-rc.0","sha":"9b687233329b3999502341fda4030d4093da7666","kind":"commit","published_at":"2023-06-22T10:54:52.000Z","download_url":"https://codeload.github.com/node-oauth/node-oauth2-server/tar.gz/v5.0.0-rc.0","html_url":"https://github.com/node-oauth/node-oauth2-server/releases/tag/v5.0.0-rc.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v5.0.0-rc.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v5.0.0-rc.0/manifests"},{"name":"v4.3.0","sha":"c993eb5a700f81fe204283b3428e0742015f9b8d","kind":"commit","published_at":"2022-11-28T10:18:28.000Z","download_url":"https://codeload.github.com/node-oauth/node-oauth2-server/tar.gz/v4.3.0","html_url":"https://github.com/node-oauth/node-oauth2-server/releases/tag/v4.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v4.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v4.3.0/manifests"},{"name":"v4.2.0","sha":"e01e841260ba5955b6f5629aff6279fa7d16bb26","kind":"commit","published_at":"2022-06-06T07:15:53.000Z","download_url":"https://codeload.github.com/node-oauth/node-oauth2-server/tar.gz/v4.2.0","html_url":"https://github.com/node-oauth/node-oauth2-server/releases/tag/v4.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v4.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v4.2.0/manifests"},{"name":"v4.1.1","sha":"1b91ddc5ddc4bf75a6b6d8548b27591b9750e338","kind":"commit","published_at":"2021-11-28T14:16:41.000Z","download_url":"https://codeload.github.com/node-oauth/node-oauth2-server/tar.gz/v4.1.1","html_url":"https://github.com/node-oauth/node-oauth2-server/releases/tag/v4.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v4.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v4.1.1/manifests"},{"name":"v4.1.0","sha":"485147fb156310527456e06da41780b188cf2ca1","kind":"commit","published_at":"2021-11-10T15:52:03.000Z","download_url":"https://codeload.github.com/node-oauth/node-oauth2-server/tar.gz/v4.1.0","html_url":"https://github.com/node-oauth/node-oauth2-server/releases/tag/v4.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v4.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v4.1.0/manifests"},{"name":"v4.0.0","sha":"83b32830c9986cea8a1c17f702fa14e529975b74","kind":"commit","published_at":"2021-10-08T12:03:04.000Z","download_url":"https://codeload.github.com/node-oauth/node-oauth2-server/tar.gz/v4.0.0","html_url":"https://github.com/node-oauth/node-oauth2-server/releases/tag/v4.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v4.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v4.0.0/manifests"},{"name":"v3.1.1","sha":"0bbdcfeaaf0d73e06acc028cd0d009eafab70817","kind":"commit","published_at":"2020-07-14T18:26:50.000Z","download_url":"https://codeload.github.com/node-oauth/node-oauth2-server/tar.gz/v3.1.1","html_url":"https://github.com/node-oauth/node-oauth2-server/releases/tag/v3.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v3.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v3.1.1/manifests"},{"name":"v3.1.0","sha":"05e9eac5f5ae8a4cf432f7a668a552285f521f19","kind":"commit","published_at":"2020-07-01T08:11:53.000Z","download_url":"https://codeload.github.com/node-oauth/node-oauth2-server/tar.gz/v3.1.0","html_url":"https://github.com/node-oauth/node-oauth2-server/releases/tag/v3.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v3.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v3.1.0/manifests"},{"name":"v3.0.2","sha":"3dc184349286d6b3da75177f641e0eec70a91c53","kind":"commit","published_at":"2020-05-24T14:55:59.000Z","download_url":"https://codeload.github.com/node-oauth/node-oauth2-server/tar.gz/v3.0.2","html_url":"https://github.com/node-oauth/node-oauth2-server/releases/tag/v3.0.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v3.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v3.0.2/manifests"},{"name":"v4.0.0-dev.2","sha":"015416563fcd5f0dd58e562aabd1b117d4bfa361","kind":"commit","published_at":"2018-09-05T11:53:34.000Z","download_url":"https://codeload.github.com/node-oauth/node-oauth2-server/tar.gz/v4.0.0-dev.2","html_url":"https://github.com/node-oauth/node-oauth2-server/releases/tag/v4.0.0-dev.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v4.0.0-dev.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v4.0.0-dev.2/manifests"},{"name":"v4.0.0-dev.1","sha":"c6a3137a37adf5fb7fc9b0b7727b853ca9c5a33b","kind":"commit","published_at":"2018-08-27T18:46:57.000Z","download_url":"https://codeload.github.com/node-oauth/node-oauth2-server/tar.gz/v4.0.0-dev.1","html_url":"https://github.com/node-oauth/node-oauth2-server/releases/tag/v4.0.0-dev.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v4.0.0-dev.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v4.0.0-dev.1/manifests"},{"name":"v3.1.0-beta.1","sha":"3af487a858db8b960aa2476e188a83ae1d26e918","kind":"commit","published_at":"2018-08-27T15:18:17.000Z","download_url":"https://codeload.github.com/node-oauth/node-oauth2-server/tar.gz/v3.1.0-beta.1","html_url":"https://github.com/node-oauth/node-oauth2-server/releases/tag/v3.1.0-beta.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v3.1.0-beta.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v3.1.0-beta.1/manifests"},{"name":"v3.0.1","sha":"c6e8af18ddbe71987b914fd4cc3464f8b91da24d","kind":"commit","published_at":"2018-08-27T11:33:26.000Z","download_url":"https://codeload.github.com/node-oauth/node-oauth2-server/tar.gz/v3.0.1","html_url":"https://github.com/node-oauth/node-oauth2-server/releases/tag/v3.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v3.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v3.0.1/manifests"},{"name":"v3.0.0","sha":"e1f741fdad191ee47e7764b80a8403c1ea2804d4","kind":"commit","published_at":"2017-08-09T15:37:15.000Z","download_url":"https://codeload.github.com/node-oauth/node-oauth2-server/tar.gz/v3.0.0","html_url":"https://github.com/node-oauth/node-oauth2-server/releases/tag/v3.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v3.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v3.0.0/manifests"},{"name":"v3.0.0-b4","sha":"46dc6efa125a037ab73a905b8595bcf9efc8ea23","kind":"commit","published_at":"2017-04-26T16:58:00.000Z","download_url":"https://codeload.github.com/node-oauth/node-oauth2-server/tar.gz/v3.0.0-b4","html_url":"https://github.com/node-oauth/node-oauth2-server/releases/tag/v3.0.0-b4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v3.0.0-b4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v3.0.0-b4/manifests"},{"name":"v3.0.0-b3.1","sha":"e6ee002f3171238ffd1552eb6213afb80cf7b920","kind":"commit","published_at":"2016-11-12T03:08:55.000Z","download_url":"https://codeload.github.com/node-oauth/node-oauth2-server/tar.gz/v3.0.0-b3.1","html_url":"https://github.com/node-oauth/node-oauth2-server/releases/tag/v3.0.0-b3.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v3.0.0-b3.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v3.0.0-b3.1/manifests"},{"name":"v3.0.0-b3","sha":"17ad710d4ad152e467fc889f07a534fdc24f0610","kind":"commit","published_at":"2016-11-10T11:56:58.000Z","download_url":"https://codeload.github.com/node-oauth/node-oauth2-server/tar.gz/v3.0.0-b3","html_url":"https://github.com/node-oauth/node-oauth2-server/releases/tag/v3.0.0-b3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v3.0.0-b3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v3.0.0-b3/manifests"},{"name":"v2.4.1","sha":"b36a06b445ad0a676e6175d68a8bd0b2f3353dbf","kind":"commit","published_at":"2015-06-29T09:39:40.000Z","download_url":"https://codeload.github.com/node-oauth/node-oauth2-server/tar.gz/v2.4.1","html_url":"https://github.com/node-oauth/node-oauth2-server/releases/tag/v2.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v2.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v2.4.1/manifests"},{"name":"v2.4.0","sha":"4f7899b798c16cec0aee08285012ffb5f6fd3c4b","kind":"commit","published_at":"2015-03-11T15:45:43.000Z","download_url":"https://codeload.github.com/node-oauth/node-oauth2-server/tar.gz/v2.4.0","html_url":"https://github.com/node-oauth/node-oauth2-server/releases/tag/v2.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v2.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v2.4.0/manifests"},{"name":"v2.3.0","sha":"5cf4819d22f8b97a99e1e84e76aac5c22cb0fd67","kind":"commit","published_at":"2014-09-14T21:21:20.000Z","download_url":"https://codeload.github.com/node-oauth/node-oauth2-server/tar.gz/v2.3.0","html_url":"https://github.com/node-oauth/node-oauth2-server/releases/tag/v2.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v2.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v2.3.0/manifests"},{"name":"v2.2.2","sha":"49e17481f52cb6cb6c35bb4536283ae187bf57cf","kind":"commit","published_at":"2014-07-09T09:46:09.000Z","download_url":"https://codeload.github.com/node-oauth/node-oauth2-server/tar.gz/v2.2.2","html_url":"https://github.com/node-oauth/node-oauth2-server/releases/tag/v2.2.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v2.2.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v2.2.2/manifests"},{"name":"v2.2.1","sha":"d728567356a127e9ff9766391c2cf787ae70c77c","kind":"tag","published_at":"2014-06-12T09:51:10.000Z","download_url":"https://codeload.github.com/node-oauth/node-oauth2-server/tar.gz/v2.2.1","html_url":"https://github.com/node-oauth/node-oauth2-server/releases/tag/v2.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v2.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v2.2.1/manifests"},{"name":"v2.2.0","sha":"8ede0129fc1bff9b3de55fccca86704c6d6a59f2","kind":"tag","published_at":"2014-06-12T09:43:54.000Z","download_url":"https://codeload.github.com/node-oauth/node-oauth2-server/tar.gz/v2.2.0","html_url":"https://github.com/node-oauth/node-oauth2-server/releases/tag/v2.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v2.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v2.2.0/manifests"},{"name":"v2.0.1","sha":"1158cd7605d65653f1a6ad4567e27680f238bff0","kind":"tag","published_at":"2014-01-17T08:51:46.000Z","download_url":"https://codeload.github.com/node-oauth/node-oauth2-server/tar.gz/v2.0.1","html_url":"https://github.com/node-oauth/node-oauth2-server/releases/tag/v2.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v2.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v2.0.1/manifests"},{"name":"v1.5.2","sha":"01eaeec5d4899e3c92ab0aa69b85eb3eeceb797c","kind":"tag","published_at":"2013-09-06T08:13:07.000Z","download_url":"https://codeload.github.com/node-oauth/node-oauth2-server/tar.gz/v1.5.2","html_url":"https://github.com/node-oauth/node-oauth2-server/releases/tag/v1.5.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v1.5.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v1.5.2/manifests"},{"name":"v1.5.1","sha":"2877b23badbd4025c2c2c4e8c30fb3be8ebc6383","kind":"tag","published_at":"2013-09-06T08:12:54.000Z","download_url":"https://codeload.github.com/node-oauth/node-oauth2-server/tar.gz/v1.5.1","html_url":"https://github.com/node-oauth/node-oauth2-server/releases/tag/v1.5.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v1.5.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v1.5.1/manifests"},{"name":"v1.5.0","sha":"9c6cfe26e222595160e59948702340ec78d3de96","kind":"tag","published_at":"2013-07-23T15:30:26.000Z","download_url":"https://codeload.github.com/node-oauth/node-oauth2-server/tar.gz/v1.5.0","html_url":"https://github.com/node-oauth/node-oauth2-server/releases/tag/v1.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v1.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v1.5.0/manifests"},{"name":"v1.2.5","sha":"391ea51745dbcfcd717cb4264b34e861542930f7","kind":"tag","published_at":"2013-07-03T08:49:15.000Z","download_url":"https://codeload.github.com/node-oauth/node-oauth2-server/tar.gz/v1.2.5","html_url":"https://github.com/node-oauth/node-oauth2-server/releases/tag/v1.2.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v1.2.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v1.2.5/manifests"},{"name":"v1.4.1","sha":"853f119c553de97921ee8b8359228b892a2fe250","kind":"tag","published_at":"2013-07-02T23:36:35.000Z","download_url":"https://codeload.github.com/node-oauth/node-oauth2-server/tar.gz/v1.4.1","html_url":"https://github.com/node-oauth/node-oauth2-server/releases/tag/v1.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v1.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v1.4.1/manifests"},{"name":"v1.1.1","sha":"727c8898579abcdcbe041779834781e8f44b9ee0","kind":"tag","published_at":"2013-07-02T23:34:50.000Z","download_url":"https://codeload.github.com/node-oauth/node-oauth2-server/tar.gz/v1.1.1","html_url":"https://github.com/node-oauth/node-oauth2-server/releases/tag/v1.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v1.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v1.1.1/manifests"},{"name":"v1.1.0","sha":"294d949e9904db163e7b3522d8e2b9d1b030c898","kind":"tag","published_at":"2013-07-02T23:34:11.000Z","download_url":"https://codeload.github.com/node-oauth/node-oauth2-server/tar.gz/v1.1.0","html_url":"https://github.com/node-oauth/node-oauth2-server/releases/tag/v1.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v1.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v1.1.0/manifests"},{"name":"v1.0.0","sha":"bec8e2dad20e7f98a6714532d3a0c94a3cc0ea88","kind":"tag","published_at":"2013-07-02T23:33:24.000Z","download_url":"https://codeload.github.com/node-oauth/node-oauth2-server/tar.gz/v1.0.0","html_url":"https://github.com/node-oauth/node-oauth2-server/releases/tag/v1.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v1.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v1.0.0/manifests"},{"name":"v1.2.1","sha":"e6b9a153bd0b119d92354314da1ee352c6c63a25","kind":"tag","published_at":"2013-07-02T23:32:07.000Z","download_url":"https://codeload.github.com/node-oauth/node-oauth2-server/tar.gz/v1.2.1","html_url":"https://github.com/node-oauth/node-oauth2-server/releases/tag/v1.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v1.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v1.2.1/manifests"},{"name":"v1.2.2","sha":"4655b406c17ffe215a22fc941c1e099cb0f68723","kind":"tag","published_at":"2013-07-02T23:31:54.000Z","download_url":"https://codeload.github.com/node-oauth/node-oauth2-server/tar.gz/v1.2.2","html_url":"https://github.com/node-oauth/node-oauth2-server/releases/tag/v1.2.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v1.2.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v1.2.2/manifests"},{"name":"v1.2.3","sha":"35a682aa94c4d214e1dbf5d7dda893825e548e58","kind":"tag","published_at":"2013-07-02T23:31:45.000Z","download_url":"https://codeload.github.com/node-oauth/node-oauth2-server/tar.gz/v1.2.3","html_url":"https://github.com/node-oauth/node-oauth2-server/releases/tag/v1.2.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v1.2.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v1.2.3/manifests"},{"name":"v1.2.4","sha":"69a667cc64b8005338b90ddafb70b64d9d8109bb","kind":"tag","published_at":"2013-07-02T23:31:33.000Z","download_url":"https://codeload.github.com/node-oauth/node-oauth2-server/tar.gz/v1.2.4","html_url":"https://github.com/node-oauth/node-oauth2-server/releases/tag/v1.2.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v1.2.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v1.2.4/manifests"},{"name":"v1.3.0","sha":"ef30e235c7029ea41cd52af3c4d2e5ce1d836731","kind":"tag","published_at":"2013-07-02T23:30:33.000Z","download_url":"https://codeload.github.com/node-oauth/node-oauth2-server/tar.gz/v1.3.0","html_url":"https://github.com/node-oauth/node-oauth2-server/releases/tag/v1.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v1.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v1.3.0/manifests"},{"name":"v1.3.1","sha":"8496087489d20295fbdc36279db3e657c9b393eb","kind":"tag","published_at":"2013-07-02T23:30:02.000Z","download_url":"https://codeload.github.com/node-oauth/node-oauth2-server/tar.gz/v1.3.1","html_url":"https://github.com/node-oauth/node-oauth2-server/releases/tag/v1.3.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v1.3.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v1.3.1/manifests"},{"name":"v1.3.2","sha":"f4c3a6043b58aca8640bfaa5ca92bb2a85f1b5ad","kind":"tag","published_at":"2013-07-02T23:29:50.000Z","download_url":"https://codeload.github.com/node-oauth/node-oauth2-server/tar.gz/v1.3.2","html_url":"https://github.com/node-oauth/node-oauth2-server/releases/tag/v1.3.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v1.3.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v1.3.2/manifests"},{"name":"v1.4.0","sha":"9aceae927c085afb7db5a21cbf9b0df88d7b1ddb","kind":"tag","published_at":"2013-07-02T23:29:40.000Z","download_url":"https://codeload.github.com/node-oauth/node-oauth2-server/tar.gz/v1.4.0","html_url":"https://github.com/node-oauth/node-oauth2-server/releases/tag/v1.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v1.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v1.4.0/manifests"},{"name":"v1.2.0","sha":"a53c89374516f49fc8c6b024a756b21a27088645","kind":"tag","published_at":"2013-07-02T23:28:11.000Z","download_url":"https://codeload.github.com/node-oauth/node-oauth2-server/tar.gz/v1.2.0","html_url":"https://github.com/node-oauth/node-oauth2-server/releases/tag/v1.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v1.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/tags/v1.2.0/manifests"}]},"repo_metadata_updated_at":"2024-09-05T20:12:33.077Z","dependent_packages_count":7,"downloads":704524,"downloads_period":"last-month","dependent_repos_count":64,"rankings":{"downloads":1.012621840539571,"dependent_repos_count":1.6983492483372435,"dependent_packages_count":2.7716859699510756,"stargazers_count":4.304279570248742,"forks_count":4.687951530115768,"docker_downloads_count":0.29032310586771576,"average":2.460868544176686},"purl":"pkg:npm/%40node-oauth/oauth2-server","advisories":[{"uuid":"GSA_kwCzR0hTQS1qaG03LTI5cGotNHh2Zs4ABVYy","url":"https://github.com/advisories/GHSA-jhm7-29pj-4xvf","title":"@node-oauth/oauth2-server: PKCE code_verifier ABNF not enforced in token exchange allows brute-force redemption of intercepted authorization codes","description":"## Summary\n\nThe token exchange path accepts RFC7636-invalid `code_verifier` values (including one-character strings) for `S256` PKCE flows.  \nBecause short/weak verifiers are accepted and failed verifier attempts do not consume the authorization code, an attacker who intercepts an authorization code can brute-force `code_verifier` guesses online until token issuance succeeds.\n\n\n\n### Root cause\n\n1. `lib/pkce/pkce.js` (`getHashForCodeChallenge`) only checks that `verifier` is a non-empty string before hashing for `S256`; it does not enforce RFC7636 ABNF (`43..128` unreserved chars).\n2. `lib/grant-types/authorization-code-grant-type.js` compares `hash(code_verifier)` to stored `codeChallenge` without validating verifier format/length.\n3. In `AuthorizationCodeGrantType.handle`, authorization code revocation happens **after** verifier validation. Invalid guesses fail before revoke, so the same code can be retried repeatedly.\n\n## Steps to Reproduce\n\n### Setup\n\n- PKCE authorization code exists with:\n  - `codeChallengeMethod = \"S256\"`\n  - `codeChallenge = BASE64URL(SHA256(\"z\"))` (verifier is one character, RFC-invalid)\n- Attacker has intercepted the authorization code value.\n\n### Reproduction\n\n1. Send repeated token requests with guessed `code_verifier` values:\n\n```http\nPOST /token HTTP/1.1\nHost: oauth.example\nContent-Type: application/x-www-form-urlencoded\n\ngrant_type=authorization_code\u0026\nclient_id=client1\u0026\nclient_secret=s3cret\u0026\ncode=stolen-auth-code\u0026\nredirect_uri=https://client.example/callback\u0026\ncode_verifier=\u003cguess\u003e\n```\n\n2. Observe invalid guesses return `invalid_grant`.\n3. Continue guessing (`a`..`z`).\n4. When `code_verifier=z`, token issuance succeeds and returns bearer tokens.\n\n### Confirmed PoC output\n\n```text\nBRUTE_FORCE_SUCCESS { tries: 26, guess: 'z', status: 200, tokenIssued: true }\n```\n\n## Impact\n\nAn intercepted authorization code can be redeemed by brute-forcing low-entropy verifiers that the server should have rejected under RFC7636.  \nThis weakens PKCE’s protection goal and allows token theft when clients generate short/predictable verifiers.\n\n## Recommended Fix\n\n1. Enforce `pkce.codeChallengeMatchesABNF(request.body.code_verifier)` in authorization code token exchange before hashing/comparison.\n2. Reject verifier values outside RFC7636 charset/length (`43..128` unreserved).\n3. Invalidate authorization codes on failed verifier attempts (or add strict retry limits) to prevent online guessing.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2026-04-16T21:09:50.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.9,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","references":["https://github.com/node-oauth/node-oauth2-server/security/advisories/GHSA-jhm7-29pj-4xvf","https://nvd.nist.gov/vuln/detail/CVE-2026-41213","https://github.com/advisories/GHSA-jhm7-29pj-4xvf"],"source_kind":"github","identifiers":["GHSA-jhm7-29pj-4xvf","CVE-2026-41213"],"repository_url":null,"blast_radius":0.0,"created_at":"2026-04-16T22:00:09.302Z","updated_at":"2026-05-26T09:01:09.835Z","epss_percentage":0.0006,"epss_percentile":0.18704,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qaG03LTI5cGotNHh2Zs4ABVYy","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1qaG03LTI5cGotNHh2Zs4ABVYy","packages":[{"ecosystem":"npm","package_name":"@node-oauth/oauth2-server","versions":[{"first_patched_version":"5.3.0","vulnerable_version_range":"\u003c= 5.2.1"}],"purl":"pkg:npm/%40node-oauth%2Foauth2-server"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qaG03LTI5cGotNHh2Zs4ABVYy/related_packages","related_advisories":[]}],"docker_usage_url":"https://docker.ecosyste.ms/usage/npm/@node-oauth/oauth2-server","docker_dependents_count":9,"docker_downloads_count":11072699,"usage_url":"https://repos.ecosyste.ms/usage/npm/@node-oauth/oauth2-server","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/npm/@node-oauth/oauth2-server/dependencies","status":null,"funding_links":["https://github.com/sponsors/jankapunkt","https://paypal.me/kuesterjan"],"critical":null,"issue_metadata":{"last_synced_at":"2024-09-05T20:12:02.872Z","issues_count":86,"pull_requests_count":200,"avg_time_to_close_issue":26941237.971014492,"avg_time_to_close_pull_request":2639049.747368421,"issues_closed_count":68,"pull_requests_closed_count":190,"pull_request_authors_count":20,"issue_authors_count":24,"avg_comments_per_issue":5.674418604651163,"avg_comments_per_pull_request":2.01,"merged_pull_requests_count":111,"bot_issues_count":0,"bot_pull_requests_count":112,"past_year_issues_count":12,"past_year_pull_requests_count":74,"past_year_avg_time_to_close_issue":196841.625,"past_year_avg_time_to_close_pull_request":1130146.044117647,"past_year_issues_closed_count":8,"past_year_pull_requests_closed_count":68,"past_year_pull_request_authors_count":7,"past_year_issue_authors_count":6,"past_year_avg_comments_per_issue":2.0,"past_year_avg_comments_per_pull_request":1.5945945945945945,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":51,"past_year_merged_pull_requests_count":36,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/node-oauth%2Fnode-oauth2-server/issues","maintainers":[{"login":"jankapunkt","count":53,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/jankapunkt"},{"login":"jorenvandeweyer","count":16,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/jorenvandeweyer"},{"login":"Uzlopak","count":15,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/Uzlopak"},{"login":"HappyZombies","count":2,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/HappyZombies"}],"active_maintainers":[{"login":"jorenvandeweyer","count":5,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/jorenvandeweyer"},{"login":"jankapunkt","count":3,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/jankapunkt"}]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/@node-oauth%2Foauth2-server/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/@node-oauth%2Foauth2-server/version_numbers","latest_version_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/@node-oauth%2Foauth2-server/latest_version","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/@node-oauth%2Foauth2-server/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/@node-oauth%2Foauth2-server/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/@node-oauth%2Foauth2-server/codemeta","maintainers":[{"uuid":"jkuester","login":"jkuester","name":null,"email":"jkuester@uni-bremen.de","url":null,"packages_count":22,"html_url":"https://www.npmjs.com/~jkuester","role":null,"created_at":"2022-11-20T20:44:53.221Z","updated_at":"2022-11-20T20:44:53.221Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers/jkuester/packages"},{"uuid":"happyzombies","login":"happyzombies","name":null,"email":"DANIEL.REGUERO@HOTMAIL.COM","url":null,"packages_count":4,"html_url":"https://www.npmjs.com/~happyzombies","role":null,"created_at":"2022-11-20T20:44:53.235Z","updated_at":"2022-11-20T20:44:53.235Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers/happyzombies/packages"}]}