JSPM

  • ESM via JSPM
  • ES Module Entrypoint
  • Export Map
  • Keywords
  • License
  • Repository URL
  • TypeScript Types
  • README
  • Created
  • Published
  • Downloads 29878
  • Score
    100M100P100Q152552F
  • License MIT

A passport.js add-on to provide automatic OAuth 2.0 token refreshing.

Package Exports

  • passport-oauth2-refresh

This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (passport-oauth2-refresh) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

Readme

Passport OAuth 2.0 Refresh

An add-on to the Passport authentication library to provide a simple way to refresh your OAuth 2.0 access tokens.

Installation

npm install passport-oauth2-refresh

Usage

When setting up your passport strategies, add a call to refresh.use() after passport.use().

An example, using the Facebook strategy:

var passport = require('passport'),
  , refresh = require('passport-oauth2-refresh')
  , FacebookStrategy = require('passport-facebook').Strategy;

var strategy = new FacebookStrategy({
  clientID: FACEBOOK_APP_ID,
  clientSecret: FACEBOOK_APP_SECRET,
  callbackURL: "http://www.example.com/auth/facebook/callback"
},
function(accessToken, refreshToken, profile, done) {
  // Make sure you store the refreshToken somewhere!
  User.findOrCreate(..., function(err, user) {
    if (err) { return done(err); }
    done(null, user);
  });
});

passport.use(strategy);
refresh.use(strategy);

When you need to refresh the access token, call requestNewAccessToken():

var refresh = require('passport-oauth2-refresh');
refresh.requestNewAccessToken('facebook', 'some_refresh_token', function(err, accessToken, refreshToken) {
  // You have a new access token, store it in the user object,
  // or use it to make a new request.
  // `refreshToken` may or may not exist, depending on the strategy you are using.
  // You probably don't need it anyway, as according to the OAuth 2.0 spec,
  // it should be the same as the initial refresh token.

});

Why?

Passport is a library which doesn't deal in implementation-specific details. From the author:

Passport is a library for authenticating requests, and only that. It is not going to get involved in anything that is specific to OAuth, or any other authorization protocol.

Fair enough. Hence, this add-on was born as a way to help deal with refreshing OAuth 2.0 tokens.

It is particularly useful when dealing with Google's OAuth 2.0 implementation, which expires access tokens after 1 hour.

License

MIT