-
Notifications
You must be signed in to change notification settings - Fork 16
/
passport-oauth2.express.txt
49 lines (46 loc) · 4.44 KB
/
passport-oauth2.express.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
PASSPORT-OAUTH2
new PASSPORT-OAUTH2(OBJ, #STRATEGY that makes a client OAuth request:
FUNC([REQ, ]ACCESS_TOKEN, # - on first call (i.e. any page), redirect user to AUTH_URL?TOKEN_REQUEST
REFRESH_TOKEN, # - on APP_URL, POST - AUTH_URL__ INTERMEDIARY_TOKEN_REQUEST, then validates according to
[INTERMEDIATE_TOKEN_REQUEST,] # ACCESS_TOKEN returned
PROF_OBJ, #REQ.session must exist.
FUNC2(ERROR, USERVAL, OBJ2))) #OBJ:
# - authorizationURL: AUTH_URL
# - tokenURL: TOKEN_URL
# - clientID: CLIENT_ID
# - clientSecret: CLIENT_SECRET
# - callbackURL: APP_URL
# - scope SCOPE[_ARR]: with ARR, use scopeSeparator STR (def: " ")
# - sessionKey VAR (def: "oauth2:DOMAIN"): REQ.session.VAR is used
# - proxy true: can also use APPVAR "trust proxy"
#Steps:
# - at init:
# - OAUTH2REQ = new OAUTH.OAuth2(CLIENT_ID, CLIENT_SECRET, "", AUTH_URL, TOKEN_URL)
# Assign it to this._oauth2 (can use it e.g. to do OAUTH2REQ.get(...)
# - on first call, will this.redirect(OAUTH2REQ.getAuthorizeUrl(TOKEN_REQUEST)):
# - TOKEN_REQUEST is filled with CLIENT_ID, response_type, redirect_uri, scope, state
# - state = RANDOM_STR, saved at REQ.session.SESSIONKEY.state
# - to fill other params, redefine STRATEGY.authorizationParams(PP_OBJ)->TOKEN_REQUEST
# (will be overwritten with above)
# See PASSPORT-GOOGLE-AUTH on how to do it.
# - on server answer to APP_URL:
# - verify state = former state, then erases REQ.session.SESSIONKEY.state
# - if not egal -> this.fail()
# - if GET variable error="VAL":
# - if "access_denied" -> this.fail({ message: GET variable error_description })
# - if "other" -> this.error()
# - OAUTH2REQ.getOAuthAccessToken(CODE_STR, INTERMEDIATE_TOKEN_REQUEST)
# - Automatically set grant_type, redirect_uri, code, client_id, client_secret in PP_OBJ
# - to fill other params, redefined STRATEGY.tokenParams(PP_OBJ)->INTRMDIATE_TOKEN_REQUEST
# (will be overwritten with above)
# - Then on answer:
# - Fires STRATEGY.userProfile(TOKEN, FUNC(ERROR, PROF_OBJ))
# (def: do nothing, PROF_OBJ is {})
# - Fires FUNC(...):
# - If REQ, use OBJ.passReqToCallback true
# - this.fail(OBJ2) is !USERVAL
# - this.success(USERVAL, OBJ2) otherwise
# - this.error(ERROR) if ERROR
#STRATEGY.name = "oauth2"