• Stars
    star
    190
  • Rank 203,739 (Top 5 %)
  • Language
    JavaScript
  • License
    MIT License
  • Created about 10 years ago
  • Updated over 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A passport.js add-on to provide automatic OAuth 2.0 token refreshing.

Passport OAuth 2.0 Refresh

An add-on to the Passport authentication library to provide a simple way to refresh your OAuth 2.0 access tokens.

Build Status npm version npm downloads per week Dependency Status

Installation

npm install passport-oauth2-refresh

Usage

When setting up your passport strategies, add a call to refresh.use() after passport.use().

An example, using the Facebook strategy:

const passport = require('passport');
const refresh = require('passport-oauth2-refresh');
const FacebookStrategy = require('passport-facebook').Strategy;

const strategy = new FacebookStrategy({
  clientID: FACEBOOK_APP_ID,
  clientSecret: FACEBOOK_APP_SECRET,
  callbackURL: "http://www.example.com/auth/facebook/callback"
},
function(accessToken, refreshToken, profile, done) {
  // Make sure you store the refreshToken somewhere!
  User.findOrCreate(..., function(err, user) {
    if (err) { return done(err); }
    done(null, user);
  });
});

passport.use(strategy);
refresh.use(strategy);

When you need to refresh the access token, call requestNewAccessToken():

const refresh = require('passport-oauth2-refresh');
refresh.requestNewAccessToken(
  'facebook',
  'some_refresh_token',
  function (err, accessToken, refreshToken) {
    // You have a new access token, store it in the user object,
    // or use it to make a new request.
    // `refreshToken` may or may not exist, depending on the strategy you are using.
    // You probably don't need it anyway, as according to the OAuth 2.0 spec,
    // it should be the same as the initial refresh token.
  },
);

Specific name

Instead of using the default strategy.name, you can setup passport-oauth2-refresh to use an specific name instead.

// Setup
passport.use('gmail', googleStrategy);

// To refresh
refresh.requestNewAccessToken('gmail', 'some_refresh_token', done);

This can be useful if you'd like to reuse strategy objects but under a different name.

Custom OAuth2 behaviour

Most passport strategies that use OAuth 2.0 should work without any additional configuration. Some strategies, however require custom OAuth configuration, or do not expose an oauth2 adapter for internal use. In these cases, a callback can be specified by calling the use function with an extra options parameter:

const { OAuth2 } = require('oauth');

refresh.use(strategy, {
  setRefreshOAuth2() {
    return new OAuth2(/* custom oauth config */);
  },
});

The setRefreshOAuth2 callback should return an instance of the node-oauth OAuth2 class.

The callback is called with two named parameters, which can be used to further customise the OAuth2 adapter:

refresh.use(strategy, {
  setRefreshOAuth2({ strategyOAuth2, refreshOAuth2 }) {
    // These named parameters are set for most strategies.
    // The `refreshOAuth2` instance is a clone of the one supplied by the strategy, inheriting most of its config.
    // Customise it here and return if necessary.
    // For example, to set a proxy:
    refreshOAuth2.setAgent(new HttpsProxyAgent(agentUrl));
    return refreshOAuth2;
  },
});

Additional parameters

Some endpoints require additional parameters to be sent when requesting a new access token. To send these parameters, specify the parameters when calling requestNewAccessToken as follows:

const extraParams = { some: 'extra_param' };
refresh.requestNewAccessToken('gmail', 'some_refresh_token', extraParams, done);

Multiple instances

Projects that need multiple instances of Passport can construct them using the Passport constructor available on the passport module. Similarly, this module provides an AuthTokenRefresh constructor that can be used instead of the single instance provided by default.

const { Passport } = require('passport');
const { AuthTokenRefresh } = require('passport-oauth2-refresh');

const passport = new Passport();
const refresh = new AuthTokenRefresh();

// Additional, distinct instances of these modules can also be created

Examples

  • See issue #1 for an example of how to refresh a token when requesting data from the Google APIs.

Why?

Passport is a library which doesn't deal in implementation-specific details. From the author:

Passport is a library for authenticating requests, and only that. It is not going to get involved in anything that is specific to OAuth, or any other authorization protocol.

Fair enough. Hence, this add-on was born as a way to help deal with refreshing OAuth 2.0 tokens.

It is particularly useful when dealing with Google's OAuth 2.0 implementation, which expires access tokens after 1 hour.

License

MIT

More Repositories

1

express-mongo-sanitize

Sanitize your express payload to prevent MongoDB operator injection.
JavaScript
216
star
2

backbone.basicauth

HTTP Basic Authentication for Backbone.
JavaScript
105
star
3

ng-elastic

Angular/Ionic 2 directive to auto expand textareas according to their contents.
TypeScript
49
star
4

body-parser-xml

XML parser middleware for express.js.
JavaScript
37
star
5

tappivate

A small library to help make your mobile web buttons and lists feel a little more app-y.
JavaScript
33
star
6

sugar-date

A customised build of sugar.js containing only the date functions.
JavaScript
12
star
7

poirot

A simple repo to showcase private repository deployment.
Shell
11
star
8

ng-imgcache

TypeScript
6
star
9

mean-docker-example

JavaScript
5
star
10

GumtreeScraper

Java
2
star
11

Alinea-iPad-Demo

A demo iPad app to showcase retail-specific features.
JavaScript
2
star
12

backbone.sentry

Protect your Backbone Routes like a Sentry.
JavaScript
2
star
13

SweepBook

JavaScript
2
star
14

phonegap-animated-ios

Objective-C
2
star
15

no-rest-for-the-whippet

A tutorial for creating a test-driven REST API using Mongoose, Express, Node and Supertest. And dogs.
JavaScript
2
star
16

passportjs-example

JavaScript
1
star
17

ionic-prod-flag-tester

CSS
1
star
18

Recognizr

A small library to detect capabilities of mobile browsers.
JavaScript
1
star
19

Backbone-ZombieNation

A small library which helps to manage bindings and subviews in a Backbone Application.
JavaScript
1
star
20

SafariApps-Prototype

Prototype for SafariApps.
JavaScript
1
star
21

tomspencer.dev

Astro
1
star
22

norrisbot

JavaScript
1
star
23

ng-component-router-example

JavaScript
1
star
24

catinator

JavaScript
1
star