passport-oauth2-refresh
Advanced tools
Changelog
[1.1.0] - 2018-06-06
getOAuthAccessToken function, for example the Reddit or Spotify strategy. #10Readme
An add-on to the Passport authentication library to provide a simple way to refresh your OAuth 2.0 access tokens.
npm install passport-oauth2-refresh --save
When setting up your passport strategies, add a call to refresh.use() after passport.use().
An example, using the Facebook strategy:
var passport = require('passport'),
, refresh = require('passport-oauth2-refresh')
, FacebookStrategy = require('passport-facebook').Strategy;
var strategy = new FacebookStrategy({
clientID: FACEBOOK_APP_ID,
clientSecret: FACEBOOK_APP_SECRET,
callbackURL: "http://www.example.com/auth/facebook/callback"
},
function(accessToken, refreshToken, profile, done) {
// Make sure you store the refreshToken somewhere!
User.findOrCreate(..., function(err, user) {
if (err) { return done(err); }
done(null, user);
});
});
passport.use(strategy);
refresh.use(strategy);
When you need to refresh the access token, call requestNewAccessToken():
var refresh = require('passport-oauth2-refresh');
refresh.requestNewAccessToken('facebook', 'some_refresh_token', function(err, accessToken, refreshToken) {
// You have a new access token, store it in the user object,
// or use it to make a new request.
// `refreshToken` may or may not exist, depending on the strategy you are using.
// You probably don't need it anyway, as according to the OAuth 2.0 spec,
// it should be the same as the initial refresh token.
});
Instead of using the default strategy.name, you can setup passport-oauth2-refresh to use an specific name instead.
// Setup
passport.use('gmail', googleStrategy);
// To refresh
refresh.requestNewAccessToken('gmail', 'some_refresh_token', done);
This can be useful if you'd like to reuse strategy objects but under a different name.
Some endpoints require additional parameters to be sent when requesting a new access token. To send these parameters, specify the parameters when calling requestNewAccessToken as follows:
var extraParams = { some: 'extra_param' };
refresh.requestNewAccessToken('gmail', 'some_refresh_token', extraParams, done);
Passport is a library which doesn't deal in implementation-specific details. From the author:
Passport is a library for authenticating requests, and only that. It is not going to get involved in anything that is specific to OAuth, or any other authorization protocol.
Fair enough. Hence, this add-on was born as a way to help deal with refreshing OAuth 2.0 tokens.
It is particularly useful when dealing with Google's OAuth 2.0 implementation, which expires access tokens after 1 hour.
MIT
FAQs
A passport.js add-on to provide automatic OAuth 2.0 token refreshing.
The npm package passport-oauth2-refresh receives a total of 14,593 weekly downloads. As such, passport-oauth2-refresh popularity was classified as popular.
We found that passport-oauth2-refresh demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
ESLint has approved an RFC that adds support for TypeScript configuration files, which is aimed at improving the developer experience and recognizing changes in the evolving JavaScript ecosystem.
Security News
The NVD is facing a significant backlog with over 12,500 CVEs awaiting analysis, and more than 50% of known exploited vulnerabilities (KEVs) left unenriched since mid-February.
Security News
Ransomware costs victims an estimated $30 billion per year and has gotten so out of control that global support for banning payments is gaining momentum.