
passport-twitter-2


passport-twitter-2 - npm Package Compare versions

Comparing version 0.0.3 to 0.0.4

86

index.js

@@ -1,2 +0,4 @@

import { Strategy as PassportStrategy } from 'passport';
import {
Strategy as PassportStrategy
} from 'passport';
import crypto from 'crypto';

@@ -18,7 +20,3 @@

this.name = 'twitter';
this._verify = verify;
this._callbackURL = options.callbackURL;
this._clientID = options.clientID;
this._clientSecret = options.clientSecret;
this.scope = [
this.scope = options.scope || [
"tweet.read",

@@ -28,14 +26,19 @@ "offline.access",

];
this._callbackURL = options.callbackURL;
this._clientID = options.clientID;
this._clientSecret = options.clientSecret;
this._verify = verify;
}
async authenticate(req) {
const verified = (error, user, info) => {
if (error) return this.error(error);
if (!user) return this.fail(info);
return this.success(user, info);
}
if (req.query?.code && req.query?.state) {
try {
const { code, state } = req.query;
const { code_verifier, state: session_state } = req.session;
if (!code_verifier || !state || !session_state || !code) {
const {
code,
state,
} = req.query;
const {
code_verifier,
state: session_state
} = req.session;
if (!code || !code_verifier || !session_state || !state) {
return this.fail('You denied the app or your session expired!');

@@ -47,12 +50,12 @@ }

let body = new URLSearchParams({
client_id: this._clientID,
client_secret: this._clientSecret,
code,
code_verifier,
grant_type: 'authorization_code',
redirect_uri: this._callbackURL,
grant_type: 'authorization_code',
client_id: this._clientID,
client_secret: this._clientSecret,
});
let data = await fetch('https://api.twitter.com/2/oauth2/token', {
method: 'POST',
headers: {
headers: {
Authorization: `Basic ${Buffer.from(`${encodeURIComponent(this._clientID)}:${encodeURIComponent(this._clientSecret)}`).toString('base64')}`,

@@ -62,7 +65,12 @@ },

}).then(res => res.json());
const { access_token, refresh_token, expires_in } = data;
const {
access_token,
refresh_token,
} = data;
if (!access_token) {
return this.fail('No access token!');
}
let { data: profile } = await fetch('https://api.twitter.com/2/users/me', {
let {
data: profile
} = await fetch('https://api.twitter.com/2/users/me', {
headers: {

@@ -75,3 +83,7 @@ Authorization: `Bearer ${access_token}`,

}
return this._verify(access_token, refresh_token, profile, verified);
return this._verify(access_token, refresh_token, profile, (error, user, info) => {
if (error) return this.error(error);
if (!user) return this.fail(info);
return this.success(user, info);
});
} catch (error) {

@@ -82,3 +94,7 @@ return this.error(error);

if (req.query?.error) {
return this.fail(req.query.error === "access_denied" ? "You denied the app!" : String(req.query.error));
return this.fail(
req.query.error === "access_denied"
? "You denied the app!"
: String(req.query.error)
);
}

@@ -88,19 +104,19 @@ let state = generateRandomString(32);

let code_challenge = crypto
.createHash('sha256')
.update(code_verifier)
.digest('base64')
.replace(/\+/g, '-')
.replace(/\//g, '_')
.replace(/\=/g, '');
.createHash('sha256')
.update(code_verifier)
.digest('base64')
.replace(/\+/g, '-')
.replace(/\//g, '_')
.replace(/\=/g, '');
req.session.code_challenge = code_challenge;
req.session.code_verifier = code_verifier;
req.session.code_challenge = code_challenge;
req.session.state = state;
const params = new URLSearchParams({
response_type: 'code',
client_id: this._clientID,
code_challenge,
code_challenge_method: 'S256',
redirect_uri: this._callbackURL,
response_type: 'code',
scope: this.scope.join(' '),
state,
code_challenge,
code_challenge_method: 'S256',
scope: 'tweet.read offline.access users.read',
}).toString();

@@ -111,2 +127,4 @@ return this.redirect(`https://twitter.com/i/oauth2/authorize?${params}`);

export { Strategy };
export {
Strategy
};
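Review bot: `this.scope = options.scope || [` in the constructor hunk accepts any truthy value, but the authorize-redirect hunk then calls `this.scope.join(' ')`, so a caller who passes the scope as a space-separated string gets a TypeError on the first login attempt, and an empty array sends an empty `scope` parameter. Validate once in the constructor, e.g. `if (options.scope !== undefined && !Array.isArray(options.scope)) throw new TypeError('options.scope must be an array of strings');`. Because the scope is now caller-controlled, the later `https://api.twitter.com/2/users/me` request may fail when `users.read` is omitted; the lines between that fetch and `this._verify(...)` are outside the visible hunks, so confirm that `profile` is checked before it is handed to the verify callback. The +/- markers are lost on this page, so which of the paired lines is the new side is inferred from the 0.0.3 to 0.0.4 direction.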
{
"name": "passport-twitter-2",
"version": "0.0.3",
"version": "0.0.4",
"description": "Passport Strategy for Twitter API v2",

@@ -5,0 +5,0 @@ "main": "index.js",
