Is this library maintained at all? 🚩 #204
Comments
Bugs do not go unaddressed. FRs on the other hand don't carry the same amount of weight given the library is open source and you can fork it to do what you want.
Token Refreshes are supported very well; it would not be much of a library if we did not do that. Did you look at the samples at all ? Token revocations are also supported. Please look at the sample apps and read the documentation. This is not meant to be a high level OAuth2 library. The goal of this library is to be able to customize the parts you need, so you can accomplish your goal without sweating all the details. |
|
@tikurahul I did look at the samples but the instructions in this readme are inaccurate:
The referenced folder does not exist. The signout function of the flow.ts file just deletes the token on the client side. I did overlook the revocation demonstration therein though, sorry about this and thanks for the nudge. |
|
https://github.com/openid/AppAuth-JS/blob/master/src/node_app/index.ts is the example. https://github.com/googlesamples/appauth-js-electron-sample is a different repo, and uses |
Expected Behavior
Issues are tagged, triaged and addressed in a timely fashion.
Describe the problem
[REQUIRED] Actual Behavior
openid as author lends this library some legitimacy but issues go unaddressed for months without community or maintainer engagement. Developers suffer from clunky low-level boilerplate code in attempts to avoid and alternative poorly maintained solution that many other resources are built upon. Common flows like token revocation and token refresh are not well-documented.
For the sake of accountability it would be good to know just how much resources from the OpenId foundation are being dedicated to maintain this library if any. Authorization flows are mission-critical and developers should know the risks and technical debt they take on in using this library.
The text was updated successfully, but these errors were encountered: