chore(dependencies)!: update grant from 4.x to 5.x

[wolfgangwalther]

This updates @feathersjs/authentication-oauth to use the new version of grant (5.x). (#1961)

Among other stuff, the new grant version offers the possibility to pass options to the underlying http client, which is used for the request for profile_url. In my project I need to add proxy settings to this request.

This should go together with a corresponding PR for the docs, as some things have changed with grant. This still needs to be done.

Unfortunately I was not able to test those changes in a real project. I tried installing the @feathersjs/authentication-oauth package from my own git repo instead of npm, but this didn't work out well, because of the monorepo structure.
Because the unit tests don't implement a full oauth flow, I guess this should still be tested somehow. Especially the "getting the profile" part, because that was not tested but mocked before already and has completely changed now.
Any ideas on that, how to proceed here?

[wolfgangwalther]

Not sure what to do with that test. The thrown error was only implemented in the mocked getProfile function. Not sure what that was supposed to test in the first place.

Since getProfile doesn't exist anymore, I just removed the test for now.

[wolfgangwalther]

The new grant version mounts at /prefix instead of /prefix/connect - so redirecting is not needed anymore, but the request can just be passed on to the next handler.

[wolfgangwalther]

['tokens', 'raw'] should be the default - not sure whether tokens would be enough?

profile is added, to make grant make the request to profile_url.

[wolfgangwalther]

grant-profile is now merged into grant itself.

[daffl]

Thank you for the pull request, this is great! Since these are definitely breaking changes, could you do me a favour and resubmit it against the v5 branch at https://github.com/feathersjs/feathers/tree/dove?

To test the changes in an application, in the Feathers repository you can do

cd packages/authentication-oauth
npm run compile
npm link

Then in your project

npm link @feathersjs/authentication-oauth

The same steps work for any other modules that changed.

As for getting the profile, I think the getProfile method should stay as it is but just return the data.profile that Grant includes now. The other problem is that I don't think this change allows to authenticate with an existing access token which is very important for usage in e.g. mobile applications.

One way to improve the tests would be to create a test oAuth application, get an access token via an HTTP request and run the test with that. It wouldn't test the browser flow though of course.

[wolfgangwalther]

So I rebased on dove, force-pushed and changed the base branch for this PR - I guess that should do it in that regard?

Keeping getProfile: I guess I expected that and actually I agree ;)

The other problem is that I don't think this change allows to authenticate with an existing access token which is very important for usage in e.g. mobile applications.

Can you elaborate? Whats "this change" here - the whole update of grant or just the "removing getProfile" part?

Thanks for the hint about npm link. That sounds useful, but won't be as straightforward in my case, I guess: My application runs in docker containers - for development as well. So "global node_modules" is different for my application and the feathers repo. But I'll figure something out with that.

[nathanbrizzee]

Hi @daffl , any idea when this pull request might be available? I have a desperate need behind our corporate ntlm proxy. All web access is proxied so I can't get any of the OAuth grant to work unless I am outside our proxy server. The current 4.x branch works fine as long as I am not behind a proxy. Otherwise, It simply times out. I've tried the monkey patch suggestion by the author simov/grant#93 , but I can't get it to work either. Any help would be greatly appreciated.

[daffl]

Because of the breaking changes this pull request requires a major release of which upgrading Grant is only a minor part. There is no release date for v5 other than before the end of the year and there is a lot that still needs to be done. You are welcome to book an office hour to see if there are ways to get things working for you before.

[wolfgangwalther]

As for getting the profile, I think the getProfile method should stay as it is but just return the data.profile that Grant includes now. The other problem is that I don't think this change allows to authenticate with an existing access token which is very important for usage in e.g. mobile applications.

So I brought back getProfile. Does that solve the "access token" problem you are referencing, @daffl, or do you have something else in mind here?

One way to improve the tests would be to create a test oAuth application, get an access token via an HTTP request and run the test with that. It wouldn't test the browser flow though of course.

Will look into this.

[wolfgangwalther]

The build is failing - but I have no idea how that error might be related to my changes. I don't know TypeScript well, though.

[daffl]

Thank you again @wolfgangwalther, sorry it took so long! I got the build fixed and it is now merged with the dove branch. I will do some more testing and figure out how to bring back authenticating with existing oAuth access tokens and get it out with another v5.x pre-release.