I am new to Node JS and GitHub. I found your example very enlightening. I hope to tailor this for my needs but wanted to report a problem I had saving a token using your code.

I had to make the following two changes:

• In your "accessTokenModel.js", function "saveAccessToken", I had to modify the call to: "accessTokensDBHelper.saveAccessToken(accessToken, user.username, callback)", and
• In your "accessTokensDBHelper.js", function "saveAccessToken", I had to modify the SQL query to INSERT INTO access_tokens (access_token, user_id) VALUES ("${accessToken}", "${userID}") ON DUPLICATE KEY UPDATE access_token = "${accessToken}";

I haven't examined this much so I am not certain if this is the correct fix.

Please add details to this file, mainly in terms of flow of execution. Right now it is quite difficult to understand with so many callback functions.

Using SHA for password hashing, no salt, leaking whether user is registered or not, no account verification (eg via email), no ability to reset passwords

Since this application is a starter for an application about implementing OAuth providers, I'm concerned about how this could cause huge issues if someone without much security knowledge used it as-is on their oauth provider project.

DO NOT USE THIS REPO

There are many issues with callbacks being used instead of promises. There's syntax errors too. Not ES6 compatible.