From 5398e3600da25ebe5d5bea37c1a3a454c026bdb7 Mon Sep 17 00:00:00 2001 From: Giovanni Ruzzi Date: Mon, 29 Apr 2024 14:28:41 +0200 Subject: [PATCH 1/2] Update README.md after commits bff756b and 7709f45 --- README.md | 27 +++++++++++++++++++++++---- examples/discord.js | 40 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 63 insertions(+), 4 deletions(-) create mode 100644 examples/discord.js diff --git a/README.md b/README.md index 7da6651..75090bd 100644 --- a/README.md +++ b/README.md @@ -17,6 +17,8 @@ npm i @fastify/oauth2 ## Usage +Two separate endpoints need to be created when using the fastify-oauth2 module, one for the callback from the OAuth2 service provider (such as Facebook or Discord) and another for initializing the OAuth2 login flow. + ```js const fastify = require('fastify')({ logger: { level: 'trace' } }) const oauthPlugin = require('@fastify/oauth2') 
@@ -30,24 +32,41 @@ fastify.register(oauthPlugin, { }, auth: oauthPlugin.FACEBOOK_CONFIGURATION }, - // register a fastify url to start the redirect flow + // register a fastify url to start the redirect flow to the service provider's OAuth2 login startRedirectPath: '/login/facebook', - // facebook redirect here after the user login + // service provider redirects here after user login callbackUri: 'http://localhost:3000/login/facebook/callback' }) +// This is the new endpoint that initializes the OAuth2 login flow +fastify.get('/login/facebook', {}, (req, reply) => { + fastify.facebookOAuth2.generateAuthorizationUri( + req, + reply, + (err, authorizationEndpoint) => { + if (err) console.error(err) + reply.redirect(authorizationEndpoint) + } + ); +}); + +// The service provider redirect the user here after successful login fastify.get('/login/facebook/callback', async function (request, reply) { const { token } = await this.facebookOAuth2.getAccessTokenFromAuthorizationCodeFlow(request) - + console.log(token.access_token) - // if later you need to refresh the token you can use + // if later need to refresh the token this can be used // const { token: newToken } = await this.getNewAccessTokenUsingRefreshToken(token) reply.send({ access_token: token.access_token }) }) ``` +In short, it is necessary to initially navigate to the `/login/facebook` endpoint manually in a web browser. This will redirect to the OAuth2 service provider's login screen. From there, the service provider will automatically redirect back to the `/login/facebook/callback` endpoint where the access token can be retrieved and used. The `CLIENT_ID` and `CLIENT_SECRET` need to be replaced with the ones provided by the service provider. 
+ +A complete example is provided at [fastify-discord-oauth2-example](https://github.com/fastify/fastify-oauth2/blob/master/examples/discord.js) + ### Usage with `@fastify/cookie` Since v7.2.0, `@fastify/oauth2` requires the use of cookies to securely implement the OAuth2 exchange. Therefore, if you need `@fastify/cookie` yourself, diff --git a/examples/discord.js b/examples/discord.js new file mode 100644 index 0000000..b259713 --- /dev/null +++ b/examples/discord.js @@ -0,0 +1,40 @@ +"use strict"; + +const fastify = require("fastify")({ logger: { level: "trace" } }); +const oauthPlugin = require(".."); + +fastify.register(oauthPlugin, { + name: "discordOAuth2", + credentials: { + client: { + id: "", + secret: "", + }, + auth: oauthPlugin.DISCORD_CONFIGURATION, + }, + startRedirectPath: "/login/facebook", + callbackUri: "http://localhost:3000/login/discord/callback", +}); + +fastify.get("/login/discord/callback", async function (request, reply) { + try { + const token = + await this.discordOAuth2.getAccessTokenFromAuthorizationCodeFlow(request); + return reply.send(token); + } catch (error) { + return reply.send(error); + } +}); + +fastify.get("/login/discord", {}, (req, reply) => { + fastify.discordOAuth2.generateAuthorizationUri( + req, + reply, + (err, authorizationEndpoint) => { + if (err) console.error(err); + reply.redirect(authorizationEndpoint); + } + ); +}); + +fastify.listen({ port: 3000 }); From ad92edc7c042c1d470caa793ee5e6bd970ce58c8 Mon Sep 17 00:00:00 2001 From: Giovanni Ruzzi Date: Mon, 29 Apr 2024 15:56:35 +0200 Subject: [PATCH 2/2] Lint code --- examples/discord.js | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/examples/discord.js b/examples/discord.js index b259713..5665bcf 100644 --- a/examples/discord.js +++ b/examples/discord.js 
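Review bot: In the `/login/discord` handler of `examples/discord.js`, the `generateAuthorizationUri` callback logs `err` and then still calls `reply.redirect(authorizationEndpoint)`, so a failure redirects to an undefined target; return early instead, e.g. `if (err) { console.error(err); return reply.code(500).send({ error: 'authorization failed' }) }`. The callback route's `catch` does `reply.send(error)`, which passes the library or provider error through to the browser, and `reply.send(token)` returns the whole token result, presumably including any refresh token. An example that gets copied would be safer if it logged the error server-side, answered with a generic message, and sent the client only what it needs. `startRedirectPath: "/login/facebook"` looks like a copy-paste leftover in a Discord example: if the plugin registers that path itself, the server exposes a stray `/login/facebook` start route beside the hand-written `/login/discord`, so `startRedirectPath: '/login/discord'` without the manual route seems to be what was intended. The same callback fall-through appears in the README Facebook example in this patch, and patch 2/2 only restyles these lines without changing them.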
@@ -1,40 +1,40 @@ -"use strict"; +'use strict' -const fastify = require("fastify")({ logger: { level: "trace" } }); -const oauthPlugin = require(".."); +const fastify = require('fastify')({ logger: { level: 'trace' } }) +const oauthPlugin = require('..') fastify.register(oauthPlugin, { - name: "discordOAuth2", + name: 'discordOAuth2', credentials: { client: { - id: "", - secret: "", + id: '', + secret: '' }, - auth: oauthPlugin.DISCORD_CONFIGURATION, + auth: oauthPlugin.DISCORD_CONFIGURATION }, - startRedirectPath: "/login/facebook", - callbackUri: "http://localhost:3000/login/discord/callback", -}); + startRedirectPath: '/login/facebook', + callbackUri: 'http://localhost:3000/login/discord/callback' +}) -fastify.get("/login/discord/callback", async function (request, reply) { +fastify.get('/login/discord/callback', async function (request, reply) { try { const token = - await this.discordOAuth2.getAccessTokenFromAuthorizationCodeFlow(request); - return reply.send(token); + await this.discordOAuth2.getAccessTokenFromAuthorizationCodeFlow(request) + return reply.send(token) } catch (error) { - return reply.send(error); + return reply.send(error) } -}); +}) -fastify.get("/login/discord", {}, (req, reply) => { +fastify.get('/login/discord', {}, (req, reply) => { fastify.discordOAuth2.generateAuthorizationUri( req, reply, (err, authorizationEndpoint) => { - if (err) console.error(err); - reply.redirect(authorizationEndpoint); + if (err) console.error(err) + reply.redirect(authorizationEndpoint) } - ); -}); + ) +}) -fastify.listen({ port: 3000 }); +fastify.listen({ port: 3000 })