remix-auth-oauth2
A strategy to use and implement OAuth2 framework for authentication with federated services like Google, Facebook, GitHub, etc.
| Runtime | Has Support |
| --- | --- |
| Node.js | ✅ |
| Cloudflare | ✅ |
| Deno | ✅ |
```bash
npm add remix-auth-oauth2
```
You can use this strategy by adding it to your authenticator instance and configuring the correct endpoints.
```ts
import { Authenticator } from "remix-auth";
import { OAuth2Strategy } from "remix-auth-oauth2";

export let authenticator = new Authenticator<User>();

authenticator.use(
  new OAuth2Strategy(
    {
      clientId: CLIENT_ID,
      clientSecret: CLIENT_SECRET,
      authorizationEndpoint: "https://provider.com/oauth2/authorize",
      tokenEndpoint: "https://provider.com/oauth2/token",
      redirectURI: "https://example.app/auth/callback",
      tokenRevocationEndpoint: "https://provider.com/oauth2/revoke", // optional
      codeChallengeMethod: "S256", // optional
      scopes: ["openid", "email", "profile"], // optional
      authenticateWith: "request_body", // optional
    },
    async ({ tokens, request }) => {
      // here you can use the params above to get the user and return it
      // what you do inside this and how you find the user is up to you
      return await getUser(tokens, request);
    }
  ),
  // this is optional, but if you set up more than one OAuth2 instance you will
  // need to set a custom name for each one
  "provider-name"
);
```
The strategy exposes a public `refreshToken` method that you can use to refresh the access token.
```ts
let strategy = new OAuth2Strategy<User>(options, verify);
let tokens = await strategy.refreshToken(refreshToken);
```
The refresh token is part of the `tokens` object the verify function receives. How you store it to call `strategy.refreshToken` and what you do with the `tokens` object after it is up to you.
The most common approach would be to store the refresh token in the user data and then update the session after refreshing the token.
```ts
authenticator.use(
  new OAuth2Strategy<User>(
    options,
    async ({ tokens, request }) => {
      let user = await getUser(tokens, request);
      return {
        ...user,
        accessToken: tokens.accessToken(),
        // not every provider issues a refresh token, so check before reading it
        refreshToken: tokens.hasRefreshToken() ? tokens.refreshToken() : null,
      };
    }
  )
);

// later in your code you can use it to get new tokens object
let tokens = await strategy.refreshToken(user.refreshToken);
```
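The "update the session after refreshing" step has two edge cases worth handling, shown here as an added example that is not part of the remix-auth-oauth2 README or code. It goes slightly beyond the text: a refresh response may carry no new refresh token (so the stored one must be kept, not overwritten with `null`), and concurrent requests should not redeem the same refresh token twice. `TokensLike`, `StoredUser`, `RefreshFn`, `mergeRefreshedTokens` and `refreshOnce` are hypothetical names; the `refresh` argument is assumed to wrap `strategy.refreshToken`.

```typescript
// Added example. TokensLike lists only the token methods shown on this page.
interface TokensLike {
  accessToken(): string;
  hasRefreshToken(): boolean;
  refreshToken(): string;
}

// Hypothetical shape of the user record returned by the verify callback.
interface StoredUser {
  accessToken: string;
  refreshToken: string | null;
}

// Assumed to be (rt) => strategy.refreshToken(rt) in a real application.
type RefreshFn = (refreshToken: string) => Promise<TokensLike>;

// Merge a refresh response into the stored user. Providers that rotate
// refresh tokens return a new one; providers that do not rotate return none,
// and the previously stored token must be kept rather than set to null.
function mergeRefreshedTokens<U extends StoredUser>(user: U, tokens: TokensLike): U {
  return {
    ...user,
    accessToken: tokens.accessToken(),
    refreshToken: tokens.hasRefreshToken() ? tokens.refreshToken() : user.refreshToken,
  };
}

// In-flight refreshes, keyed by the refresh token being redeemed (per process).
const inFlight = new Map<string, Promise<TokensLike>>();

// Redeem a given refresh token only once at a time. With rotation enabled, a
// second concurrent redemption of the same token fails or can be treated by
// the provider as token reuse, so concurrent callers share one request.
async function refreshOnce<U extends StoredUser>(user: U, refresh: RefreshFn): Promise<U> {
  const current = user.refreshToken;
  if (!current) throw new Error("no refresh token stored; user must sign in again");
  let pending = inFlight.get(current);
  if (!pending) {
    pending = refresh(current);
    inFlight.set(current, pending);
    const clear = () => { inFlight.delete(current); };
    pending.then(clear, clear); // forget the entry on success or failure
  }
  return mergeRefreshedTokens(user, await pending);
}
```

The map only deduplicates within one process; deployments with several instances need a shared lock or store to get the same guarantee.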
You can revoke the access token the user has with the provider.
```ts
await strategy.revokeToken(user.accessToken);
```
FAQs
The npm package remix-auth-oauth2 receives a total of 61,026 weekly downloads. As such, remix-auth-oauth2 popularity was classified as popular.
We found that remix-auth-oauth2 demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.