Add support for non-expiring tokens

New tokens will be considered to never expire if respective
accessTokenLifetime or refreshTokenLifetime are null.
Equally, if saveAccessToken/saveRefreshToken() methods return an
expires value of null, the token will be considered valid.
If a non-expiring token is being issued, the "expires_in" key will
be omitted from the response

Author: Thom Seddon

Readme.md

@@ -68,9 +68,11 @@ Note: As no model was actually implemented here, delving any deeper, i.e. passin
   - Default: `false`
 - *number* **accessTokenLifetime**
  - Life of access tokens in seconds
-  - Default: 3600
+ - If `null`, tokens will considered to never expire
+  - Default: `3600`
 - *number* **refreshTokenLifetime**
  - Life of refresh tokens in seconds
+ - If `null`, tokens will considered to never expire
   - Default: `1209600`
 - *number* **authCodeLifetime**
  - Life of auth codes in seconds
@@ -99,6 +101,7 @@ Note: see https://github.com/nightworld/node-oauth2-server/tree/master/examples/
      - Must contain the following keys:
          - *date* **expires**
              - The date when it expires
+             - `null` to indicate the token **never expires**
          - *string|number* **user_id**
              - The user_id (saved in req.user.id)
 
@@ -171,6 +174,7 @@ Note: see https://github.com/nightworld/node-oauth2-server/tree/master/examples/
              - client_id associated with this token
          - *date* **expires**
              - The date when it expires
+             - `null` to indicate the token **never expires**
          - *string|number* **user_id**
              - The user_id
 

lib/authorise.js

@@ -63,7 +63,7 @@ authorise.validateAccessToken = function (token, req, next) {
 	}
 
 	// Check it's valid
-	if (!token.expires || token.expires < this.now) {
+	if (token.expires !== null && (!token.expires || token.expires < this.now)) {
 		return next(error('invalid_grant', 'The access token provided has expired.'));
 	}
 

lib/oauth2server.js

@@ -43,8 +43,10 @@ function OAuth2Server (config) {
 	this.debug = config.debug || false;
 	this.passthroughErrors = config.passthroughErrors;
 
-	this.accessTokenLifetime = config.accessTokenLifetime || 3600;
-	this.refreshTokenLifeTime = config.refreshTokenLifeTime || 1209600;
+	this.accessTokenLifetime = config.accessTokenLifetime !== undefined ?
+		config.accessTokenLifetime : 3600;
+	this.refreshTokenLifetime = config.refreshTokenLifetime !== undefined ?
+		config.refreshTokenLifetime : 1209600;
 	this.authCodeLifetime = config.authCodeLifetime || 30;
 	this.now = new Date();
 

lib/token.js

@@ -179,7 +179,7 @@ token.grant = function (req, res, next) {
 
 				if (!refreshToken || refreshToken.client_id !== req.oauth.client.client_id) {
 					return next(error('invalid_grant', 'Invalid refresh token'));
-				} else if (refreshToken.expires < oauth.now) {
+				} else if (refreshToken.expires !== null && refreshToken.expires < oauth.now) {
 					return next(error('invalid_grant', 'Refresh token has expired'));
 				}
 
@@ -231,8 +231,11 @@ token.grantAccessToken = function (req, res, next) {
 
 		req.oauth.accessToken.refresh_token = refreshToken;
 
-		var expires = new Date(oauth.now);
-		expires.setSeconds(expires.getSeconds() + oauth.refreshTokenLifeTime);
+		var expires = null;
+		if (oauth.refreshTokenLifetime !== null) {
+			expires = new Date(oauth.now);
+			expires.setSeconds(expires.getSeconds() + oauth.refreshTokenLifetime);
+		}
 
 		oauth.model.saveRefreshToken(req.oauth.accessToken.refresh_token,
 				req.oauth.client.client_id, req.user.id, expires, function (err) {
@@ -262,8 +265,11 @@ token.grantAccessToken = function (req, res, next) {
 
 		req.oauth.accessToken = { access_token: accessToken };
 
-		var expires = new Date(oauth.now);
-		expires.setSeconds(expires.getSeconds() + oauth.accessTokenLifetime);
+		var expires = null;
+		if (oauth.accessTokenLifetime !== null) {
+			expires = new Date(oauth.now);
+			expires.setSeconds(expires.getSeconds() + oauth.accessTokenLifetime);
+		}
 
 		oauth.model.saveAccessToken(req.oauth.accessToken.access_token, req.oauth.client.client_id,
 				req.user.id, expires, function (err) {
@@ -289,7 +295,9 @@ token.grantAccessToken = function (req, res, next) {
 token.issueToken = function (req, res, next) {
 	// Prepare for output
 	req.oauth.accessToken.token_type = 'bearer';
-	req.oauth.accessToken.expires_in = this.accessTokenLifetime;
+	if (this.accessTokenLifetime !== null) {
+		req.oauth.accessToken.expires_in = this.accessTokenLifetime;
+	}
 
 	// That's it!
 	res.set({ 'Cache-Control': 'no-cache', 'Pragma': 'no-cache' });

test/authorizeRequest.js

@@ -169,6 +169,24 @@ describe('OAuth2Server.authorizeRequest()', function() {
 				.get('/?access_token=thom')
 				.expect(/nightworld/, 200, done);
 		});
+
+		it('should passthrough with valid, non-expiring token (token = null)', function (done) {
+			var app = bootstrap({
+				model: {
+					getAccessToken: function (token, callback) {
+						callback(false, { expires: null });
+					}
+				}
+			});
+
+			app.get('/', function (req, res) {
+				res.send('nightworld');
+			});
+
+			request(app)
+				.get('/?access_token=thom')
+				.expect(/nightworld/, 200, done);
+		});
 	});
 
 	it('should expose the user_id', function (done) {

test/token.js

@@ -403,6 +403,48 @@ describe('OAuth2Server.token()', function() {
 					.expect(/"access_token": "(.*)",\n\s+"refresh_token": "(.*)"/i, 400, done);
 
 			});
+
+			it('should allow valid request with non-expiring token (token= null)', function (done) {
+				var app = bootstrap({
+					model: {
+						getClient: function (id, secret, callback) {
+							callback(false, { client_id: 'thom' });
+						},
+						grantTypeAllowed: function (id, secret, callback) {
+							callback(false, true);
+						},
+						getRefreshToken: function (refreshToken, callback) {
+							callback(false, {
+								client_id: 'thom',
+								expires: null,
+								user_id: '123'
+							});
+						},
+						saveAccessToken: function (accessToken, clientId, userId, expires, cb) {
+							cb();
+						},
+						saveRefreshToken: function (refreshToken, clientId, userId, expires, cb) {
+							cb();
+						},
+						expireRefreshToken: function (refreshToken, callback) {
+							callback();
+						}
+					},
+					grants: ['password', 'refresh_token']
+				});
+
+				request(app)
+					.post('/oauth/token')
+					.set('Content-Type', 'application/x-www-form-urlencoded')
+					.send({
+						grant_type: 'refresh_token',
+						client_id: 'thom',
+						client_secret: 'nightworld',
+						refresh_token: 'abc123'
+					})
+					.expect(/"access_token": "(.*)",\n\s+"refresh_token": "(.*)"/i, 400, done);
+
+			});
 		});
 
 		describe('custom', function () {
@@ -762,6 +804,52 @@ describe('OAuth2Server.token()', function() {
 				});
 
 		});
+
+		it('should exclude expires_in if accessTokenLifetime = null', function (done) {
+			var app = bootstrap({
+				model: {
+					getClient: function (id, secret, callback) {
+						callback(false, { client_id: id });
+					},
+					grantTypeAllowed: function (id, secret, callback) {
+						callback(false, true);
+					},
+					getUser: function (uname, pword, callback) {
+						callback(false, { id: 1 });
+					},
+					saveAccessToken: function (accessToken, clientId, userId, expires, callback) {
+						should.strictEqual(null, expires);
+						callback();
+					},
+					saveRefreshToken: function (refreshToken, clientId, userId, expires, callback) {
+						should.strictEqual(null, expires);
+						callback();
+					}
+				},
+				grants: ['password', 'refresh_token'],
+				accessTokenLifetime: null,
+				refreshTokenLifetime: null
+			});
+
+			request(app)
+				.post('/oauth/token')
+				.set('Content-Type', 'application/x-www-form-urlencoded')
+				.send(validBody)
+				.expect(200)
+				.end(function (err, res) {
+					if (err) return done(err);
+
+					res.body.should.have.keys(['access_token', 'refresh_token', 'token_type']);
+					res.body.access_token.should.be.a('string');
+					res.body.access_token.should.have.length(40);
+					res.body.refresh_token.should.be.a('string');
+					res.body.refresh_token.should.have.length(40);
+					res.body.token_type.should.equal('bearer');
+
+					done();
+				});
+
+		});
 	});
 
 });