Remove recommendation of express-oauth-server from the README

[johnhforrest]

It appears that express-oauth-server is no longer maintained and has fallen out of compatibility with the main package. I suggest removing it from the README so other devs know to use this package directly when trying to integrate with Express.

[mjsalinger]

@johnhforrest Express-oauth-server is compatible and fully supported with this package - I use it in production. What issues are you running into?

[johnhforrest]

Hmm, maybe it's just the examples that are out of date. One thing in particular that I recall is in the mongodb example is that the OAuthToken model is created a property called accessTokenExpiresOn while node-oauth2-server is expecting a property called accessTokenExpiresAt.

I found it much easier to integrate with this package directly instead of trying to figure out which pieces of the example code in there are valid.

The last commit was a year ago, the build is now failing, and issues like oauthjs/express-oauth-server#65 seem to indicate that the project isn't being actively maintained anymore—meaning that when this package is updated to address the security vulnerabilities (#508) the other package will still be vulnerable.

[mjsalinger]

@johnhforrest It's perfectly fine if you want to use this package directly. I'm doing a push to get everything upgraded and working well over the next few weeks.