camelCase all the things + switch back to explicit save*Token signature

There was still a confusing mix of under_scored naming and camelCase
naming, I've now draw the line as follows:
 - Everything coming in from the wild, should be underscored (as
 per the spec)
 - Everything is camelCased internally

Switching to the save*Token(data, callback) was shorter, but made
variable names VERY important, this removes some of that overhead
by reintroducing the longer
save*Token(token, clientId, expires, userId, callback)
style signatures.

Author: Thom Seddon

Readme.md

@@ -95,8 +95,8 @@ Note: see https://github.com/nightworld/node-oauth2-server/tree/master/examples/
          - *date* **expires**
              - The date when it expires
              - `null` to indicate the token **never expires**
-         - *string|number* **user_id**
-             - The user_id (saved in req.user.id)
+         - *string|number* **userId**
+             - The user id (saved in req.user.id)
 
 #### getClient (clientId, clientSecret, callback)
 - *string* **clientId**
@@ -108,7 +108,7 @@ Note: see https://github.com/nightworld/node-oauth2-server/tree/master/examples/
      - The client retrieved from storage or falsey to indicate an invalid client
      - Saved in `req.client`
      - Must contain the following keys:
-         - *string* **client_id**
+         - *string* **clientId**
 
 #### grantTypeAllowed (clientId, grantType, callback)
 - *string* **clientId**
@@ -119,12 +119,11 @@ Note: see https://github.com/nightworld/node-oauth2-server/tree/master/examples/
  - *boolean* **allowed**
      - Indicates whether the grantType is allowed for this clientId
 
-#### saveAccessToken (accessToken, callback)
-- *object* **accessToken**
-  - *string* **accessToken**
-  - *string* **clientId**
-  - *string|number* **userId**
-  - *date* **expires**
+#### saveAccessToken (accessToken, clientId, expires, user, callback)
+- *string* **accessToken**
+- *string* **clientId**
+- *string|number* **userId**
+- *date* **expires**
 - *function* **callback (error)**
  - *mixed* **error**
      - Truthy to indicate an error
@@ -140,20 +139,19 @@ Note: see https://github.com/nightworld/node-oauth2-server/tree/master/examples/
  - *object* **authCode**
      - The authorization code retrieved form storage or falsey to indicate invalid code
      - Must contain the following keys:
-         - *string|number* **client_id**
-             - client_id associated with this auth code
+         - *string|number* **clientId**
+             - client id associated with this auth code
          - *date* **expires**
              - The date when it expires
-         - *string|number* **user_id**
-             - The user_id
-
-#### saveAuthCode (authCode, callback)
-- *object* **authCode**
-  - *string* **auth_code**
-  - *string* **client_id**
-  - *date* **expires**
-  - *mixed* **user**
-     - Whatever was passed as `user` to the codeGrant function (see example)
+         - *string|number* **userId**
+             - The userId
+
+#### saveAuthCode (authCode, clientId, expires, user, callback)
+- *string* **authCode**
+- *string* **clientId**
+- *date* **expires**
+- *mixed* **user**
+   - Whatever was passed as `user` to the codeGrant function (see example)
 - *function* **callback (error)**
  - *mixed* **error**
      - Truthy to indicate an error
@@ -175,12 +173,11 @@ Note: see https://github.com/nightworld/node-oauth2-server/tree/master/examples/
 
 ### Required for `refresh_token` grant type
 
-#### saveRefreshToken (refreshToken, callback)
-- *object* **refreshToken**
-  - *string* **refreshToken**
-  - *string* **clientId**
-  - *string|number* **userId**
-  - *date* **expires**
+#### saveRefreshToken (refreshToken, clientId, expires, user, callback)
+- *string* **refreshToken**
+- *string* **clientId**
+- *string|number* **userId**
+- *date* **expires**
 - *function* **callback (error)**
  - *mixed* **error**
      - Truthy to indicate an error
@@ -194,13 +191,13 @@ Note: see https://github.com/nightworld/node-oauth2-server/tree/master/examples/
  - *object* **refreshToken**
      - The refresh token retrieved form storage or falsey to indicate invalid refresh token
      - Must contain the following keys:
-         - *string|number* **client_id**
-             - client_id associated with this token
+         - *string|number* **clientId**
+             - client id associated with this token
          - *date* **expires**
              - The date when it expires
              - `null` to indicate the token **never expires**
-         - *string|number* **user_id**
-             - The user_id
+         - *string|number* **userId**
+             - The userId
 
 
 ### Optional for Refresh Token grant type
@@ -241,7 +238,7 @@ The spec does not actually require that you revoke the old token - hence this is
      - *null* indicates to revert to the default token generator
      - *object* indicates a reissue (i.e. will not be passed to saveAccessToken/saveRefreshToken)
          - Must contain the following keys (if object):
-           - *string* **access_token** OR **refresh_token** dependant on type
+           - *string* **accessToken** OR **refreshToken** dependant on type
 
 ## Extension Grants
 You can support extension/custom grants by implementing the extendedGrant method as outlined above.

examples/postgresql/model.js

@@ -27,11 +27,18 @@ model.getAccessToken = function (bearerToken, callback) {
 		if (err) return callback(err);
 		client.query('SELECT access_token, client_id, expires, user_id FROM oauth_access_tokens ' +
 				'WHERE access_token = $1', [bearerToken], function (err, result) {
+			if (err || !result.rowCount) return callback(err);
 			// This object will be exposed in req.oauth.token
 			// The user_id field will be exposed in req.user (req.user = { id: "..." }) however if
 			// an explicit user object is included (token.user, must include id) it will be exposed
 			// in req.user instead
-			callback(err, result.rowCount ? result.rows[0] : false);
+			var token = result.rows[0];
+			callback(null, {
+				accessToken: token.access_token,
+				clientId: token.client_id,
+				expires: token.expires,
+				userId: token.userId
+			});
 			done();
 		});
 	});
@@ -43,8 +50,14 @@ model.getClient = function (clientId, clientSecret, callback) {
 		client.query('SELECT client_id, client_secret, redirect_uri FROM oauth_clients WHERE ' +
 				'client_id = $1 AND client_secret = $2', [clientId, clientSecret],
 				function (err, result) {
+			if (err || !result.rowCount) return callback(err);
+
 			// This object will be exposed in req.oauth.client
-			callback(err, result.rowCount ? result.rows[0] : false);
+			var client = result.rows[0];
+			callback(null, {
+				clientId: client.client_id,
+				clientSecret: client.client_secret
+			});
 			done();
 		});
 	});
@@ -97,4 +110,4 @@ model.getUser = function (username, password, callback) {
 			done();
 		});
 	});
-};
+};

lib/authCodeGrant.js

@@ -53,7 +53,7 @@ function AuthCodeGrant(config, req, res, next, check) {
   runner(fns, this, function (err) {
     if (err && res.oauthRedirect) {
       // Custom redirect error handler
-      return res.redirect(self.client.redirect_uri + '?error=' + err.error +
+      return res.redirect(self.client.redirectUri + '?error=' + err.error +
         '&error_description=' + err.error_description + '&code=' + err.code);
     }
 
@@ -85,8 +85,8 @@ function checkParams (done) {
   }
 
   // Redirect URI
-  this.redirectURI = this.req.body.redirect_uri;
-  if (!this.redirectURI) {
+  this.redirectUri = this.req.body.redirect_uri;
+  if (!this.redirectUri) {
     return done(error('invalid_request',
       'Invalid or missing redirect_uri parameter'));
   }
@@ -107,7 +107,7 @@ function checkClient (done) {
 
     if (!client) {
       return done(error('invalid_client', 'Invalid client credentials'));
-    } else if (client.redirect_uri !== self.redirectURI) {
+    } else if (client.redirectUri !== self.redirectUri) {
       return done(error('invalid_request', 'redirect_uri does not match'));
     }
 
@@ -165,14 +165,8 @@ function saveAuthCode (done) {
   var expires = new Date();
   expires.setSeconds(expires.getSeconds() + this.config.authCodeLifetime);
 
-  var data = {
-    auth_code: this.authCode,
-    client_id: this.client.client_id,
-    expires: expires,
-    user: this.user
-  };
-
-  this.model.saveAuthCode(data, function (err) {
+  this.model.saveAuthCode(this.authCode, this.client.clientId, expires,
+      this.user, function (err) {
     if (err) return done(error('server_error', false, err));
     done();
   });
@@ -185,5 +179,5 @@ function saveAuthCode (done) {
  * @this   OAuth
  */
 function redirect (done) {
-  this.res.redirect(this.client.redirect_uri + '?code=' + this.authCode);
+  this.res.redirect(this.client.redirectUri + '?code=' + this.authCode);
 }

lib/authorise.js

@@ -123,7 +123,7 @@ function checkToken (done) {
 
     // Expose params
     self.req.oauth = { bearerToken: token };
-    self.req.user = token.user ? token.user : { id: token.user_id };
+    self.req.user = token.user ? token.user : { id: token.userId };
 
     done();
   });

lib/grant.js

@@ -79,11 +79,11 @@ function extractCredentials (done) {
   // Extract credentials
   // http://tools.ietf.org/html/rfc6749#section-3.2.1
   this.client = credsFromBasic(this.req) || credsFromBody(this.req);
-  if (!this.client.client_id ||
-      !this.client.client_id.match(this.config.regex.clientId)) {
+  if (!this.client.clientId ||
+      !this.client.clientId.match(this.config.regex.clientId)) {
     return done(error('invalid_client',
       'Invalid or missing client_id parameter'));
-  } else if (!this.client.client_secret) {
+  } else if (!this.client.clientSecret) {
     return done(error('invalid_client', 'Missing client_secret parameter'));
   }
 
@@ -97,8 +97,8 @@ function extractCredentials (done) {
  * @param {String} secret client_secret
  */
 function Client (id, secret) {
-  this.client_id = id;
-  this.client_secret = secret;
+  this.clientId = id;
+  this.clientSecret = secret;
 }
 
 /**
@@ -141,7 +141,7 @@ function credsFromBody (req) {
  * @this   OAuth
  */
 function checkClient (done) {
-  this.model.getClient(this.client.client_id, this.client.client_secret,
+  this.model.getClient(this.client.clientId, this.client.clientSecret,
       function (err, client) {
     if (err) return done(error('server_error', false, err));
 
@@ -193,16 +193,16 @@ function useAuthCodeGrant (done) {
   this.model.getAuthCode(code, function (err, authCode) {
     if (err) return done(error('server_error', false, err));
 
-    if (!authCode || authCode.client_id !== self.client.client_id) {
+    if (!authCode || authCode.clientId !== self.client.clientId) {
       return done(error('invalid_grant', 'Invalid code'));
     } else if (authCode.expires < self.now) {
       return done(error('invalid_grant', 'Code has expired'));
     }
 
-    self.user = authCode.user || { id: authCode.user_id };
+    self.user = authCode.user || { id: authCode.userId };
     if (!self.user.id) {
       return done(error('server_error', false,
-        'No user/user_id parameter returned from getauthCode'));
+        'No user/userId parameter returned from getauthCode'));
     }
 
     done();
@@ -251,16 +251,16 @@ function useRefreshTokenGrant (done) {
   this.model.getRefreshToken(token, function (err, refreshToken) {
     if (err) return done(error('server_error', false, err));
 
-    if (!refreshToken || refreshToken.client_id !== self.client.client_id) {
+    if (!refreshToken || refreshToken.clientId !== self.client.clientId) {
       return done(error('invalid_grant', 'Invalid refresh token'));
     } else if (refreshToken.expires !== null &&
         refreshToken.expires < self.now) {
       return done(error('invalid_grant', 'Refresh token has expired'));
     }
 
-    if (!refreshToken.user_id) {
+    if (!refreshToken.userId) {
       return done(error('server_error', false,
-        'No user/user_id parameter returned from getRefreshToken'));
+        'No user/userId parameter returned from getRefreshToken'));
     }
 
     if (self.model.revokeRefreshToken) {
@@ -270,7 +270,7 @@ function useRefreshTokenGrant (done) {
       });
     }
 
-    self.user = refreshToken.user || { id: refreshToken.user_id };
+    self.user = refreshToken.user || { id: refreshToken.userId };
     done();
   });
 }
@@ -308,7 +308,7 @@ function useExtendedGrant (done) {
  * @this   OAuth
  */
 function checkGrantTypeAllowed (done) {
-  this.model.grantTypeAllowed(this.client.client_id, this.grantType,
+  this.model.grantTypeAllowed(this.client.clientId, this.grantType,
       function (err, allowed) {
     if (err) return done(error('server_error', false, err));
 
@@ -329,7 +329,7 @@ function checkGrantTypeAllowed (done) {
  */
 function generateAccessToken (done) {
   var self = this;
-  token(this, 'access_token', function (err, token) {
+  token(this, 'accessToken', function (err, token) {
     self.accessToken = token;
     done(err);
   });
@@ -345,8 +345,8 @@ function saveAccessToken (done) {
   var accessToken = this.accessToken;
 
   // Object idicates a reissue
-  if (typeof accessToken === 'object' && accessToken.access_token) {
-    this.accessToken = accessToken.access_token;
+  if (typeof accessToken === 'object' && accessToken.accessToken) {
+    this.accessToken = accessToken.accessToken;
     return done();
   }
 
@@ -356,14 +356,8 @@ function saveAccessToken (done) {
     expires.setSeconds(expires.getSeconds() + this.config.accessTokenLifetime);
   }
 
-  var data = {
-    access_token: accessToken,
-    client_id: this.client.client_id,
-    expires: expires,
-    user: this.user
-  };
-
-  this.model.saveAccessToken(data, function (err) {
+  this.model.saveAccessToken(accessToken, this.client.clientId, expires,
+      this.user, function (err) {
     if (err) return done(error('server_error', false, err));
     done();
   });
@@ -379,7 +373,7 @@ function generateRefreshToken (done) {
   if (this.config.grants.indexOf('refresh_token') === -1) return done();
 
   var self = this;
-  token(this, 'refresh_token', function (err, token) {
+  token(this, 'refreshToken', function (err, token) {
     self.refreshToken = token;
     done(err);
   });
@@ -397,8 +391,8 @@ function saveRefreshToken (done) {
   if (!refreshToken) return done();
 
   // Object idicates a reissue
-  if (typeof refreshToken === 'object' && refreshToken.refresh_token) {
-    this.refreshToken = refreshToken.refresh_token;
+  if (typeof refreshToken === 'object' && refreshToken.refreshToken) {
+    this.refreshToken = refreshToken.refreshToken;
     return done();
   }
 
@@ -408,14 +402,8 @@ function saveRefreshToken (done) {
     expires.setSeconds(expires.getSeconds() + this.config.refreshTokenLifetime);
   }
 
-  var data = {
-    refresh_token: refreshToken,
-    client_id: this.client.client_id,
-    expires: expires,
-    user: this.user
-  };
-
-  this.model.saveRefreshToken(data, function (err) {
+  this.model.saveRefreshToken(refreshToken, this.client.clientId, expires,
+      this.user, function (err) {
     if (err) return done(error('server_error', false, err));
     done();
   });