How do I use this plugin in TypeScript? Is this correct?

   fastify.register(oauthPlugin, {
      name: "googleOAuth2",
      scope: ["profile"],
      credentials: {
        client: {
          id: "{ID}",
          secret: "{SECRET}",
        },
        auth: oauthPlugin.GOOGLE_CONFIGURATION,
      },
      startRedirectPath: "/login/google",
      callbackUri: "http://localhost:8080/login/google/callback",
    })

   fastify.get("/login/google/callback", async (req, reply) => {
      try {
        const token = await this.googleOAuth2.getAccessTokenFromAuthorizationCodeFlow
          .getAccessTokenFromAuthorizationCodeFlow(req);

        console.log(token.access_token);

        // if later you need to refresh the token you can use
        // const newToken = await this.getNewAccessTokenUsingRefreshToken(token.refresh_token)

        reply.send({ access_token: token.access_token });
      } catch (error) {
        console.log(error)
      }

Result

TypeError: Cannot read property 'googleOAuth2' of undefined

Your Environment

• node version: 10
• fastify version: >=3.0.0
• os: Linux

Prerequisites

• I have written a descriptive issue title
• I have searched existing issues to ensure the issue has not already been raised

Issue

I really can't find a place where I can get the user's email

When I visit a page A, without permission, I want to jump to the page where Google logs in, enter the Google account password, and then how to jump back to the original page A?

Prerequisites

• I have written a descriptive issue title
• I have searched existing issues to ensure the bug has not already been reported

Fastify version

4.2.3

Plugin version

3.0.0

Node.js version

12.19.0

Operating system

macOS

Operating system version (i.e. 20.04, 11.3, 10)

10.15.7

Description

A redirect to a generated apple's authorization URL fails with a message invalid_request. response_mode must be form_post when name or email scope is requested when a query parameter called response_mode: 'form_post' is not used in conjunction with another query parameter called scope with a value of either name, or email. See error message below

Steps to Reproduce

1. Define scope as ['name email'] in Apple Fastify OAuth2 config.
2. Setup all other required configurations for Fastify OAuth2 library. See example below:

export const appleOAuth2Options: FastifyOAuth2Options = {
   name: 'appleOAuth2',
   scope: ['email name'],
   credentials: {
      client: {
        id: APPLE_CLIENT_ID,
        secret: APPLE_SECRET,
      },
      auth: oauthPlugin.APPLE_CONFIGURATION,
   },
   startRedirectPath: '<START_REDIRECT_PATH>',
   callbackUri: `<CALLBACK_URL>`,
};

3. Wire configuration from Step 2 with your backend application
4. Open a browser and specify a startRedirectPath so that Fastify can track this endpoint, generate Authorization URL for Apple and redirect you by this URL in the browser.

Actual behavior: Error message invalid_request. response_mode must be form_post when name or email scope is requested appears and authorization fails

Expected Behavior

Apple specs requires to specify an obligated query parameter called response_mode: 'form_post'. See this link for reference. Thus you have to modify a ``

Your current implementation looks like this (see code for reference):
.

It has to be rewritten like this:

function generateAuthorizationUri (requestObject) {
    const state = generateStateFunction(requestObject)
    const scopeName = Array.isArray(scope) ? scope.join(' ') : scope;
    const hasResponseMode = scopeName.includes('email') || scopeName.includes('name');
    const urlOptions = Object.assign({}, callbackUriParams, {
      redirect_uri: callbackUri,
      scope: scope,
      state: state,
      ...(hasResponseMode && { response_mode: 'form_post' }),
    })
    const authorizationUri = oauth2.authorizationCode.authorizeURL(urlOptions)
    return authorizationUri
  }

Prerequisites

• I have written a descriptive issue title
• I have searched existing issues to ensure the bug has not already been reported

Fastify version

4.8.1

Plugin version

6.1.0

Node.js version

16.14

Operating system

macOS

Operating system version (i.e. 20.04, 11.3, 10)

12.3.1

Description

Hello,

I am facing this issue since previous version of @fastify/oauth2: the authorizationMethod for Apple OAuth2 login is wrongly set to header, leading any login attempt to fail, instead the good format is classic form-body.

What I could do until the previous versions of the plugin was the following workaround code, that I was executing right after the plugin registration:

type OAuth2ReservedNamespace = {
      oauth2: {
         authorizationCode: {
            config: {
               options: {
                  authorizationMethod?: string;
               };
            };
         };
      };
   };

   // We need to delete Auth method, cause it has been wrongly set to Header in the library, but apple uses form-body
   delete (fastify.apple as unknown as OAuth2ReservedNamespace).oauth2
      .authorizationCode.config.options.authorizationMethod;

With this piece of code I was force removing the header auth method, allowing the auth flow to work.

But in the last release you have changed the config field to class private field (#config) and now I can't modify it even with the workaround.

Since this problem is becoming quite annoying, can you please change the #config.options.authorizationMethod value for Apple from your repository so that it's set to form-body, or is unset since it should be the default behavior.

Thanks in advance

Steps to Reproduce

Just put in place an Apple OAuth2 flow with the plugin and try to login with Apple ID

Expected Behavior

Usage of form body for authorization

UPDATE: Ok I've finally found the solution:

  credentials: {
     client: {
        id: ...,
        secret: ...,
     },
     **options: {
        authorizationMethod: 'body',
     },**
     auth: oauthPlugin.APPLE_CONFIGURATION,
  },

The options section could be added in th credentials section of the plugin registration option.

A bit tricky to understand. It would be nice a small notion about this at least in the github page, to avoid devs getting mad.

Especially valid for Apple ID that has this special configuration required.

UPDATE 2: Some interfaces still need to be adjusted ad hoc for Apple login. For example the OAuth2Token is missing some extra field outputted by the Apple login process.
In particular OAuth2Token.token.id_token is a missing field, needed to extract user email.
I do realize that is a special behavior only belonging to Apple, but a specialized version of the token may be good for users to be aware again.

Thanks again

If the decorator has already been declared decorate will throw an error here.

You can do two things:

• Use hasDecorator and in case next(new Error(...)) (docs)
• Use a try catch block and call next(err)if it fails

Prerequisites

• I have written a descriptive issue title
• I have searched existing issues to ensure the bug has not already been reported

Fastify version

3.27.4

Plugin version

4.5.0

Node.js version

16.14.2

Operating system

macOS

Operating system version (i.e. 20.04, 11.3, 10)

12.3.1

Description

While trying to implement the feature letting me refresh my Google access_token using the previously emitted refresh_token using getNewAccessTokenUsingRefreshToken() method and when I try to get it back to the client, I receive an error stating we're trying to stringify a circular JSON object while we expect to have a OAuth2Token instance.

Steps to Reproduce

• create a simple fastify app
• add the fastify-oauth2 package
• setup google oauth credentials (I didn't test but based on the code I suppose it should be reproduced for any oauth option out there)
• add the following code to a new typescript file under the routes directory:

fastify.get("/auth/google/refresh", async (request, reply) => {
    const refresh_token = (request.query as { refresh_token: string })
      .refresh_token;
    const response =
      await fastify.googleOAuth2.getNewAccessTokenUsingRefreshToken(
        refresh_token,
        {}
      );
    reply.send(response);
  });

• perform a simple call using any rest client on the route and note the error on the terminal running the server

Expected Behavior

I expect to receive a Oauth2Token instance (if the refresh token is obviously correct) that would have the following structure:
export interface OAuth2Token {
token_type: 'bearer';
access_token: string;
refresh_token?: string;
expires_in: number;
}

How to judge whether the current token meets the requirements，I dont know

We should drop the dep es6-promisify since we don't need to support node 6 right now

Right now the readme doesn't show all the preset of this module:

• FACEBOOK_CONFIGURATION
• GITHUB_CONFIGURATION
• LINKEDIN_CONFIGURATION
• GOOGLE_CONFIGURATION
• MICROSOFT_CONFIGURATION

or how to use it with a custom configuration (using credential.auth)

It would be good to add it 👍

Hello there, great work with this decorator. My answer is pretty straightforward, is it possible to use more than one login strategies at once without registering the decorator multiple times?

VKONTAKTE_CONFIGURATION has the same problem as LINKEDIN_CONFIGURATION, need add options params

options: {
  bodyFormat: 'form',
  authorizationMethod: 'body'
}

but if added options displayed typescript error

export interface Credentials {
  client: {
    id: string;
    secret: string;
  };
  auth: ProviderConfiguration;
}

options missing in index.d.ts

Originally posted by @ileonovdima in #58 (comment)

Prerequisites

• I have written a descriptive issue title
• I have searched existing issues to ensure the bug has not already been reported

Fastify version

4.10.0

Plugin version

6.1.0

Node.js version

18.10.0

Operating system

Linux

Operating system version (i.e. 20.04, 11.3, 10)

20.04.5

Description

Currently startRedirectPath is a required string when it should be optional to allow the user to handle the redirect themselves, this scenario is outlined in the readme but will throw a TS error unless the type is overridden.

Steps to Reproduce

export interface FastifyOAuth2Options { name: string; scope: string[]; credentials: Credentials; callbackUri: string; callbackUriParams?: Object; tokenRequestParams?: Object; generateStateFunction?: Function; checkStateFunction?: Function; startRedirectPath: string; tags?: string[]; schema?: object; }

Expected Behavior

No response

Prerequisites

• I have written a descriptive issue title
• I have searched existing issues to ensure the feature has not already been requested

🚀 Feature Proposal

The API of simple-oauth2 has changed significantly in v4 and I'm not sure how to reconcile. If you are a user of this module, a PR updating that would be highly appreciated.

Motivation

No response

Example

No response

as titled, it's not needed.

https://github.com/fastify/fastify-oauth2/blob/master/index.js#L59

We need params : access_type: offline to get refresh token with Google API

I think this module should provide some default flows.

Prerequisites

• I have written a descriptive issue title
• I have searched existing issues to ensure the issue has not already been raised

Issue

I need to redirect based on referer querystring after handle provider callback

🐛 Bug Report

The DISCORD_CONFIGURATION type is missing from the declaration file. It is clearly supported and declared in the source, but the typings haven't been properly updated.

Additionally, there has been another issue reporting incorrect or missing typings and it was automatically marked as stale. #71

To Reproduce

Attempt to use "DISCORD_CONFIGURATION" as an "auth" option. This is only a typing issue, not a code issue.

/*
  app.register(require("fastify-oauth2", {
    credentials: {
      auth: fastifyOauth.DISCORD_CONFIGURATION, // Property 'DISCORD_CONFIGURATION' does not exist on type 'FastifyPlugin<FastifyOAuth2Options> & FastifyOAuth2'.
    },
  });

Expected behavior

The type "DISCORD_CONFIGURATION" should be added to the FastifyOAuth2 interface as "ProviderConfiguration" so TypeScript stays happy.

  DISCORD_CONFIGURATION: ProviderConfiguration;

Your Environment

• node version: 14
• fastify version: >=3.0.0
• os: Mac, Windows, Linux

Prerequisites

• I have written a descriptive issue title
• I have searched existing issues to ensure the bug has not already been reported

Fastify version

3.22.1

Plugin version

4.3.0

Node.js version

16.4.2

Operating system

macOS

Operating system version (i.e. 20.04, 11.3, 10)

11.4

Description

No overload matches this call.
  Overload 2 of 3, '(plugin: FastifyPluginAsync<FastifyOAuth2Options, Server>, opts?: FastifyRegisterOptions<FastifyOAuth2Options> | undefined): FastifyInstance<...> & PromiseLike<...>', gave the following error.
    Argument of type 'FastifyPlugin<FastifyOAuth2Options> & FastifyOAuth2' is not assignable to parameter of type 'FastifyPluginAsync<FastifyOAuth2Options, Server>'.
      Type 'FastifyPluginCallback<FastifyOAuth2Options, Server> & FastifyOAuth2' is not assignable to type 'FastifyPluginAsync<FastifyOAuth2Options, Server>'.ts(2769)

Looks like fastifyOauth2 is using FastifyPlugin instead of FastifyPluginAsync

Steps to Reproduce

1. Install fastify and fastify-oauth2
2. Import plugin from fastify-oauth2
3. Attempt to pass plugin to fastify.register

Expected Behavior

No complaints from compiler.

I see the state gets generated automatically, without checking if one was passed..
Or am I missing something?

Prerequisites

• I have written a descriptive issue title
• I have searched existing issues to ensure the bug has not already been reported

Fastify version

4.4.0

Plugin version

6.0.0

Node.js version

16.6.0

Operating system

macOS

Operating system version (i.e. 20.04, 11.3, 10)

12.3.1

Description

Hello! I'm new to Fastify. Currently trying to set up Github OAuth2 and I can't renew my access token using refresh token with getNewAccessTokenUsingRefreshToken because the method expects Token instead of string. Here's simple snippet:

const refresh_token = request.body.refresh_token; // string
const newToken = await fastify.githubOAuth2.getNewAccessTokenUsingRefreshToken(refresh_token, {});

gives type error Argument of type 'string' is not assignable to parameter of type 'Token'.

I tried fixing the type error as follows, but I'm getting { "error": "bad_refresh_token", "error_description": "The refresh token passed is incorrect or expired." } error response:

const newToken =await fastify.githubOAuth2.getNewAccessTokenUsingRefreshToken(
  {
    access_token: expiredAccessToken, // string   <-- passing not expired access token also doesn't work
    refresh_token: refreshToken, // string
    token_type: "bearer",
    expires_in: eightHoursFromNow, // number (seconds)
    expires_at: new Date(eightHoursFromNow),
  },
  {},
);

Maybe I'm doing something wrong? I would highly appreciate any help/tips/ideas.

Steps to Reproduce

// index.ts
import fastify, {
  FastifyInstance,
  FastifyReply,
  FastifyRequest,
} from "fastify";
import fp, { PluginMetadata } from "fastify-plugin";

const app = fastify();
app.register(fastifyOauth2, {
  name: "githubOAuth2",
  credentials: {
    client: {
      id: process.env.GITHUB_CLIENT_ID,
      secret: process.env.GITHUB_CLIENT_SECRET,
    },
    auth: fastifyOauth2.GITHUB_CONFIGURATION,
  },
  startRedirectPath: "/login/oauth/github",
  callbackUri: "http://localhost:4000/login/oauth/github/callback",
  scope: [],
});
app.register(
  fp(async function (fastify: FastifyInstance, opts: PluginMetadata) {
    fastify.decorate(
      "verifyUser",
      async function ( request: FastifyRequest<{Body: { refreshToken: string } }>, reply: FastifyReply, next: (error?: object) => void) {
        const refreshToken = request.body.refreshToken;
        const newToken = await fastify.githubOAuth2.getNewAccessTokenUsingRefreshToken(refreshToken, {});
        next();
      }
    )}))

app.register(import("@fastify/auth"));
app.after((err) => {});
app.register(fp(privateRoutes));

app.listen({ port: PORT });

// privateRoutes.ts
import { FastifyInstance, FastifyPluginOptions } from "fastify";

export async function privateRoutes( fastify: FastifyInstance, options: FastifyPluginOptions ) {
  fastify.get<{ Body: { refreshToken: string, .... } }>(
    "/project",
    { preHandler: fastify.auth([fastify.verifyUser]) },
    async function (request, reply) {
      reply.send({ success: true });
    },
  );
}

Expected Behavior

Passing refreshToken which is string to await fastify.githubOAuth2.getNewAccessTokenUsingRefreshToken(refreshToken, {}) should give me new access token.

I found a decorating in this plugin https://github.com/fastify/fastify-oauth2/blob/master/index.js#L96
but it doesn't work.

Hello Devs,

I am tweaking module and making some breaking changes (for me). If these are welcoming, I will create a PR soon along with tests.

1. Add request third param in checkStateFunction and generateStateFunction (+ promise support)
2. New option startRedirectCallback + promise support_
3. Update all packages (some are deprecated, some are older)
4. Twitter API support
5. Update documentation according to the latest changes.

Complete Example

const oauthPlugin = require('fastify-oauth2');

const defaultState = require('crypto').randomBytes(10).toString('hex');

fastify.register(oauthPlugin, {
  name: 'facebookOAuth2',
  credentials: {
    client: {
    id: '<CLIENT_ID>',
    secret: '<CLIENT_SECRET>'
  },
    auth: oauthPlugin.FACEBOOK_CONFIGURATION,
  },
  generateStateFunction: async ( request ) => {
    // Perhaps request based state generation?
    return defaultState;
  },
  checkStateFunction: async ( state, request ) => {
    // Perhaps request based state validation?
    if ( state !== defaultState ) {
      throw new Error('Invalid state');
    }
  },
  startRedirectCallback: async ( request, reply ) => {
    const allowedIPs = [
      '127.0.0.1',
      // ...
    ];

    if ( !allowedIPs.includes(request.ip) ) {
      throw new Error('IP not allowed');
      // or
      // reply.code(403).send(new Error('IP not allowed'));
    }
  },
  startRedirectPath: '/login/facebook',
  callbackUri: `https://localhost:8000/login/facebook/callback`,
  //scope: 'email,public_profile',
});

fastify.get('/connect/facebook/callback', async function ( request, reply ) {
  try {
    const result = await this.facebookOAuth2.getAccessTokenFromAuthorizationCodeFlow(request);

    // Some complex logic here

    return result;
  } catch ( e ) {
    return e;
  }
});

If looks good. I will create a PR oi

This is one of our few plugins that does not work with fastify v2.
@allevo can you do a quick PR to update?

cc @fastify/fastify

🐛 Bug Report

The default export in index.s.ts is incorrect.

It works with require('fastify-oauth2'), but it is buggy when used with import * as fastifyOAuth2 from 'fastify-oauth2' because the it forces us to do fastifyOAuth2.default which is undefined.

It should be export = fastifyOauth2 like all other Fastify plugins so it works consistently for everyone, regardless if they use require, import * as ... or import fastifyOauth2 with esModuleInterop: true.

To Reproduce

Steps to reproduce the behavior:

import * as fastifyOAuth2 from 'fastify-oauth2';

console.log(fastifyOAuth2.LINKEDIN_CONFIGURATION); // Property 'LINKEDIN_CONFIGURATION' does not exist on type 'typeof import("<my project path>/node_modules/fastify-oauth2/index")'.ts(2339)

console.log(fastifyOAuth2.default); // undefined

Expected behavior

A clear and concise description of what you expected to happen.

import * as fastifyOAuth2 from 'fastify-oauth2';

console.log(fastifyOAuth2.LINKEDIN_CONFIGURATION); // See expected output below which works when using require().
// {
//   authorizeHost: 'https://www.linkedin.com',
//   authorizePath: '/oauth/v2/authorization',
//   tokenHost: 'https://www.linkedin.com',
//   tokenPath: '/oauth/v2/accessToken'
// }

Your Environment

• node version: 12.16.3
• fastify version: 2.13.1
• os: Windows 10

Fix

I am happy to submit a PR if necessary.

🚀 Feature Proposal

The End-Point generated in this plugin should show in the document generate by fastify-swagger.

Motivation

To provide a well documented API document.

Example

Pass Schema or Tags only in register

fastify.register(oauthPlugin, {
  name: 'customOauth2',
  schema: {
     SCHEMA
  },
  credentials: {
    client: {
      id: '<CLIENT_ID>',
      secret: '<CLIENT_SECRET>'
    },
    auth: {
      authorizeHost: 'https://my-site.com',
      authorizePath: '/authorize',
      tokenHost: 'https://token.my-site.com',
      tokenPath: '/api/token'
    }
  },
  startRedirectPath: '/login',
  callbackUri: 'http://localhost:3000/login/callback'
})

fastify.register(oauthPlugin, {
  name: 'customOauth2',
  tags: ['Custom', 'OAuth2'],
  credentials: {
    client: {
      id: '<CLIENT_ID>',
      secret: '<CLIENT_SECRET>'
    },
    auth: {
      authorizeHost: 'https://my-site.com',
      authorizePath: '/authorize',
      tokenHost: 'https://token.my-site.com',
      tokenPath: '/api/token'
    }
  },
  startRedirectPath: '/login',
  callbackUri: 'http://localhost:3000/login/callback'
})

Prerequisites

• I have written a descriptive issue title
• I have searched existing issues to ensure the bug has not already been reported

Fastify version

3.28.0

Plugin version

No response

Node.js version

16.14.2

Operating system

Windows

Operating system version (i.e. 20.04, 11.3, 10)

10

Description

It is impossible to finish auth flow by using VKONTAKTE plugin.

Official flow (https://dev.vk.com/api/access-token/authcode-flow-user) contains of 2 steps.

1. Resive code from VK server (it is works fine), by REDIRECT_URI?code=7a6fa4dff77a228eeda56603b8f53806c883f011c40b72630bb50df056f6479e52a

2. Get access toaken by https://oauth.vk.com/access_token?client_id=1&client_secret=H2Pk8htyFD8024mZaPHm&redirect_uri=http://mysite.ru&code=7a6fa4dff77a228eeda56603b8f53806c883f011c40b72630bb50df056f6479e52a

Second point each time returns that user unauthorised.

The root case of the problem is that fastify create access_token URL without all needed params, it just passed code and redirect_uri:
https://oauth.vk.com/access_token?redirect_uri=http://mysite.ru&code=7a6fa4dff77a228eeda56603b8f53806c883f011c40b72630bb50df056f6479e52a

Absent: client_id, client_secret.

In this file node_modules/@fastify/oauth2/index.js, we have a function wich adding only code and redirect_uri params:

  const cbk = function (o, code, callback) {
    return callbackify(o.oauth2.authorizationCode.getToken.bind(o.oauth2.authorizationCode, {
      code: code,
      redirect_uri: callbackUri
    }))(callback)
  }

Probably issue in it, we need also pass here client_id and client_secret.

If there is any workarounds how to solve this problem by adding extra options to plugin initialization, please let me know.

NOTE: probably faster fix will be to create accessToakenUriParams object in options and pass it to cbk.

Steps to Reproduce

const fastify = require('fastify')({ logger: { level: 'trace' } })

// const oauthPlugin = require('fastify-oauth2')
const oauthPlugin = require('..')

fastify.register(oauthPlugin, {
  name: 'vkOAuth2',
  scope: ['email'],
  credentials: {
    client: {
      id: process.env.CLIENT_ID,
      secret: process.env.CLIENT_SECRET
    },
    auth: oauthPlugin.VKONTAKTE_CONFIGURATION
  },
  startRedirectPath: '/login/vk',
  callbackUri: `http://localhost:${process.env.PORT}/login/vk/callback`
})

fastify.get('/login/vk/callback', async (req, reply) => {
  const token = await fastify.vkOAuth2.getAccessTokenFromAuthorizationCodeFlow(req)

  console.log(token)
  reply.send({ access_token: token.access_token })
})

fastify.listen(process.env.PORT, (err, address) => {
  if (err) {
    fastify.log.error(err)
    process.exit(1)
  }
  fastify.log.info(`server listening on ${address}`)
})

Expected Behavior

No response

I noticed that scope: 'profile' isn't returning the users email.
This might be a problem on my side but I was wondering if there are any other values for the scope parameter then profile. Although I would have expected that profile includes the email

support typescript

oauthPlugin.LINKEDIN_CONFIGURATION = {
authorizeHost: 'https://www.linkedin.com',
authorizePath: '/oauth/v2/authorization',
tokenHost: 'https://www.linkedin.com',
tokenPath: '/oauth/v2/accessToken'
}

Noticed that you added another configuration type

Right now the plugin assigns a static GET route on boot up. This approach doesn't allow usage of request hooks or cleanly accessing the request object on the redirect path.

#38 is on the right track, but is still high level. I propose removing some enforcing logic inside the startRedirectHandler. Other functions could be created and exposed to the decorator that would allow one to get the authorization url. Those functions could be reused inside the startRedirectHandler. This would ensure there is no breaking change.

Hi, thanks for creating this!

I looked at the simple-oauth2 package and I would like to use fastify-oauth2 with my own user database and not rely on X company.

I tried playing around a little but I couldn't make the plugin work without a provider or client's key.

Is there any plans to add this possibility in the future?

Prerequisites

• I have written a descriptive issue title
• I have searched existing issues to ensure the bug has not already been reported

Fastify version

4.1.0

Plugin version

5.0.0

Node.js version

16.10.0

Operating system

Linux

Operating system version (i.e. 20.04, 11.3, 10)

20.04

Description

I'm trying to use @fastify/oauth2 to implement Facebook Login and registering it like this:

app.register(oauth2, {
  name: 'facebookOAuth2',
  credentials: {
    client: {
      id: FACEBOOK_ID!,
      secret: FACEBOOK_SECRET!,
    },
    auth: oauth2.FACEBOOK_CONFIGURATION,
  },
  startRedirectPath: '/login/facebook',
  callbackUri: 'http://localhost:3000/login/facebook/callback',
  scope: [],
});

then, when I try to use the plugin:

app.get('/auth/signin/facebook', async (request: FastifyRequest, reply: FastifyReply) => {
  const token = await app.facebookOAuth2.getAccessTokenFromAuthorizationCodeFlow(request);

  console.log(token.access_token);

  return { access_token: token.access_token };
});

I'm getting this error:

Property 'facebookOAuth2' does not exist on type 'FastifyInstance<Server, IncomingMessage, ServerResponse, FastifyLoggerInstance, FastifyTypeProviderDefault>'.ts(2339)

Steps to Reproduce

Just try to register @fastify/oauth2 and use it as I'm doing it

Expected Behavior

I expect to be able to successfully use @fastify/oauth2

Prerequisites

• I have written a descriptive issue title
• I have searched existing issues to ensure the issue has not already been raised

Issue

It seems that this plugin specializes in getting OAuth access tokens from different OAuth providers as well as supporting refreshing. Is there another plugin that is recommended for how you'd cache and store these tokens for clients?

There's a cool express package that handles this OAuth workflow in addition to taking care of the storage of the token as seen here - https://github.com/auth0/express-openid-connect

Are there plans to continue building the fastify-oauth2 plugin to include OIDC support and token caching so routes can be tagged as needing authorization?

Maybe this handles everything for fastify? https://github.com/fastify/fastify-passport

🐛 Bug Report

Yesterday we have upgraded to v3.3.1 and the LinkedIn OAuth stopped working on https://roomler.live. All other OAuths (FB, Gmail, Github) still work.

LinkedIn fails with the following error:

'A required parameter "client_id" is missing'

I tracked down to simple-oauth2's client.js:

async request(url, params, opts) {
    const requestOptions = new RequestOptions(this.config, params);
    const options = requestOptions.toObject(opts);

    debug('Creating request to: (POST) %s', url);
    debug('Using request options: %j', options);

    const response = await this.client.post(url, options); // FAILS HERE

    return response.payload;
  }

during registration of the fastify-oauth2 plugin for LinkedIn OAuth, I debugged and we are passing the the proper client object with id and secret in it.

So not sure if there was some structural change in fastify-oauth2 or you think it's simple-oauth2 issue.

To Reproduce

Steps to reproduce the behavior:

linkedin-options.js

const oauthPlugin = require('fastify-oauth2')
const config = require('../../../config')
const defaultState = require('./default-state')
module.exports = {
  name: 'linkedin',
  credentials: {
    client: {
      id: process.env.LINKEDIN_ID,
      secret: process.env.LINKEDIN_SECRET
    },
    auth: oauthPlugin.LINKEDIN_CONFIGURATION
  },
  startRedirectPath: '/oauth/login/linkedin',
  callbackUri: `${config.appSettings.env.URL}/@/oauth/callback/linkedin`,
  scope: ['r_emailaddress', 'r_liteprofile'],
  generateStateFunction: () => {
    return defaultState
  },
  checkStateFunction: (state, callback) => {
    require('./default-check-state')(defaultState, state, callback)
  }
}

oauth-controller.js

class OAuthController {
  async getOrCreate (request, reply) {
    const type = request.query.type
    const oauthConfig = this[type] // type="linkedin"
    if (!oauthConfig) {
      throw new TypeError(`Unsupported OAuth type: ${type}`)
    }
    const access = await oauthConfig.getAccessTokenFromAuthorizationCodeFlow(request) // FAILS HERE
    ...
  }

api.js

await fastify.register(require('fastify-oauth2'), linkedinOptions)

Expected behavior

A proper LinkedIn token should have been returned.

Your Environment

• node version: v14.4.0
• fastify version: 3.0.0
• os: Win10

Prerequisites

• I have written a descriptive issue title
• I have searched existing issues to ensure the issue has not already been raised

Issue

Hello, i wonder how this libary is dealing with Proof Key for Code Exchange (https://oauth.net/2/pkce/).
As I understand correctly and checking out the code there is a generateStateFunction and checkStateFunction which is used to compare the state object (once generated on startup). To apply PKCE, do I need to implement my own generateStateFunction & checkStateFunction or is pkce already covered?

🐛 Bug Report

Missing TS definition for generateAuthorizationUri

To Reproduce

Try calling it:

server.get('/', async (request, reply) => {
    const googleLoginUri = server[googleOAuthNamespace].generateAuthorizationUri(request);

Expected behavior

No squiggles.

Your Environment

• node version: 14
• fastify version: 3.4.1
• fastify-oauth2: 4.2.1

I had to hack it in to avoid the error:

const googleOAuthNamespace = 'googleOAuth2'

declare module 'fastify' {
    interface FastifyInstance {
        [googleOAuthNamespace]: OAuth2Namespace & {
            generateAuthorizationUri(req: any): string
        }
    }
}

Hello can you add twitch configuration please

callback: (token: OAuth2Token) => void, is probably not right
it should be like (err, result) =>

interface OAuth2Namespace {
    getAccessTokenFromAuthorizationCodeFlow(
      request: FastifyRequest,
    ): Promise<OAuth2Token>;

    getAccessTokenFromAuthorizationCodeFlow(
      request: FastifyRequest,
      callback: (token: OAuth2Token) => void,
    ): void;

    getNewAccessTokenUsingRefreshToken(
      refreshToken: string,
      params: Object,
      callback: (token: OAuth2Token) => void,
    ): void;

    getNewAccessTokenUsingRefreshToken(refreshToken: string, params: Object): Promise<OAuth2Token>;
  }

Also I had to do:

declare module 'fastify' {
    export interface FastifyInstance {
        googleOAuth2: OAuth2Namespace
    }
}

Maybe there is a way to integrate it into the lib

If we look at https://github.com/lelylan/simple-oauth2/pulls, it seems that fixes/prs are waiting to be applied there.

Maybe we should think about a different dependency to use.

As the title states, I'm looking for the best way to leverage the latest changes.
Is there anything like an @next dist-tag that can be leveraged, or does the code have to be built manually?

Prerequisites

• I have written a descriptive issue title
• I have searched existing issues to ensure the feature has not already been requested

🚀 Feature Proposal

The plugin makes it already possible to extend the OAuth2 callback parameters via callbackUriParams. The same way an option is required to extend the parameters that are send via the oauth2.getToken call as some services expect additional parameters here.

Currently only code and redirect_url are send which can not be influenced.

Motivation

This plugin can currently not be used to authenticate against the Strava API OAuth2.0 flow.

Step 11 shows that client_id and client_secret need to be send to retrieve tokens:

curl -X POST https://www.strava.com/oauth/token \
	-F client_id=YOURCLIENTID \
	-F client_secret=YOURCLIENTSECRET \
	-F code=AUTHORIZATIONCODE \
	-F grant_type=authorization_code

Example

With a new parameter getTokenParams, the plugin could be configured like this:

server.register(oauthPlugin, {
        name: 'stravaOauth2',
        scope: ['activity:read_all'],
        credentials: {
            client: { id: STRAVA_OAUTH_CLIENT_ID, secret: STRAVA_OAUTH_SECRET },
            auth: {
                authorizeHost: STRAVA_OAUTH_HOST,
                authorizePath: STRAVA_OAUTH_AUTH_PATH,
                tokenHost: STRAVA_OAUTH_HOST,
                tokenPath: STRAVA_OAUTH_TOKEN_PATH,
            }
        },
        callbackUri: `${SERVER_DOMAIN}/strava/login/callback`,
        /* new option */
        getTokenParams: {
            client_id: STRAVA_OAUTH_CLIENT_ID,
            client_secret: STRAVA_OAUTH_SECRET
        }
    })

Prerequisites

• I have written a descriptive issue title
• I have searched existing issues to ensure the bug has not already been reported

Fastify version

3.24.1

Plugin version

4.4.0

Node.js version

16.13.0

Operating system

Windows

Operating system version (i.e. 20.04, 11.3, 10)

11

Description

Cannot find module '...\node_modules\date-fns\index.js'. Please verify that the package.json has a valid "main" entry.

I checked the installed files of the date-fns package and didn't see the index.js (or index.ts) file.

Steps to Reproduce

npm install fasify-oauth2 (yarn add fasify-oauth2)
npm run dev (yarn dev)
got the error Cannot find module '...\node_modules\date-fns\index.js'. Please verify that the package.json has a valid "main" entry.

Expected Behavior

don't have any errors

🚀 Feature Proposal

simple-oauth2 supports a way to easily refresh access tokens by using the refresh_token (which you get if you request the offline scope:

const AccessToken = require('simple-oauth2/lib/access-token')

async function refresh(tokenObject) {
  const token = new AccessToken(tokenObject);
  const refreshedToken = await token.refresh()

  return refreshedToken()
}

const token = {} // ... get token somehow
await refresh(token)

It would be cool to expose some shortcut in the fastify plugin to do this, given a OAuth2 token object

Motivation

We already have a nice this.getAccessTokenFromAuthorizationCodeFlow(request) helper function. It would be nice to have something similar for renewing tokens as well.

What do you think?

I am happy to provide an implementation, if this idea makes sense for everyone.

Example

(see above)

🐛 Bug Report

Always receiving the Error: Invalid state while using a custom oauthPlugin as stated in sample.

To Reproduce

Steps to reproduce the behavior:
I am trying to connect to Splitwise API.

1. Create a custom oauthPlugin as mentioned in the sample

fastify.register(oauthPlugin, {
	name:  'customOauth2',
	credentials: {
	client: {
	id:  'key',
	secret:  'secret'
	},
	auth: {
	authorizeHost:  'https://secure.splitwise.com',
	authorizePath:  '/oauth/authorize',
	tokenHost:  'https://secure.splitwise.com',
	tokenPath:  '/oauth/token'
		}
			},

	startRedirectPath:  '/login',
	callbackUri:  'http://localhost:3000/login/callback'
});

2. Registered the route with fastify.

fastify.get("/login/callback", async (request, reply) => {
try {
	console.log('PARAMETERS ARE',JSON.stringify(request.query));
	const  authorizationEndpoint = await  fastify.customOauth2.getAccessTokenFromAuthorizationCodeFlow(request)
	console.log(authorizationEndpoint);
	return { sucess:  false };
} catch (error) {
	console.error(error);
	return { sucess:  false };
}
});```

## Expected behavior

Should recieve the TOKEN as mentioned in sample
-   `access_token`
-   `refresh_token`  (optional, only if the  `offline scope`  was originally requested)
-   `token_type`  (generally  `'bearer'`)
-   `expires_in`  (number of seconds for the token to expire, e.g.  `240000`)

Observations & head-banging so far :-(

I placed some console logs, in the library to find out, why is the state mismatched?
I observed, at the start of the server, a default state is set using:

const  defaultState = require('crypto').randomBytes(10).toString('hex');

The parameters received from the authorize UI is pretty decent as:

  PARAMETERS ARE {"code":"tfo8iycHkQUyVHnGeNYE","state":"fb09f28f167f8d9bfdd8"}

However, in the library's "defaultCheckStateFunction", it does not consider/set the new state received & tries to match with the hex generated above.

function  defaultCheckStateFunction (state, callback) {
    console.log('INSIDE defaultCheckStateFunction',state,'defaultState::::::::', defaultState);
    if (state === defaultState) {
    console.log('INSIDE defaultCheckStateFunction',state,'defaultState::::::::', defaultState);
    callback()
    return
}
    console.log('ERROR****************************',state,'defaultState::::::::', defaultState);
    callback(new  Error('Invalid state')) 
}

Output is received as below which clearly states a mismatch:

INSIDE defaultCheckStateFunction ***fb09f28f167f8d9bfdd8*** defaultState:::::::: ***89babc7653ca394b8528***
ERROR**************************** ***fb09f28f167f8d9bfdd8*** defaultState:::::::: ***89babc7653ca394b8528***
inside check STATE fb09f28f167f8d9bfdd8
Error: Invalid state

I have also tried using the custom function to generate the state as mentioned in the sample document, but it never executes the generateStateFunction

This seems to be some kind of bug, any help is appreciated.
Thanks in advance.

Looking forward to her from you guys very soon.

Your Environment

• node version: 14
• fastify version: >=3.14.1
• os: Windows,
• • "fastify-oauth2": "^4.2.1"*

🚀 Feature Proposal

Generate the state with information on the request.

Motivation

I have information on the queryParams that I need it when the request returns from the OAuth flow. The generateStateFunction does not receive any parameters and in callbackUriParams there is not access to the request.

Example

 fastify.register(oauthPlugin, {
 ...
 generateStateFunction: (request) => {
      // Do something with the request and return a state
      return request.query.code
  }
 })

I can create the pr for this if this is aligned with the idea of the library. Basically is to inject the request to the generateStateFunction here: code

Prerequisites

• I have written a descriptive issue title
• I have searched existing issues to ensure the feature has not already been requested

🚀 Feature Proposal

It would be useful if there was a way to define the route and callback URI ourselves in runtime, rather than once at boot.

For example if calling from the web I'd want for the callback: https://example.com/login/google/callback

But for my native apps calling the same API I'd use the app identifier appname://login/google/callback

Unless I'm missing something this isn't possible with the current API.

Motivation

Serve both web and native apps with the same code

Example

app.get('/auth/login/google', { schema: oauthGoogleSchema }, async function loginGoogleHandler(request, response) {
  const loginUrl = oauthPlugin.getLoginUrl({
    {
    name: 'googleOAuth2',
    credentials: {
      client: {
        id: '<CLIENT_ID>',
        secret: '<CLIENT_SECRET>'
      },
      auth: oauthPlugin.GOOGLE_CONFIGURATION,
      callbackUri: request.query.callbackUri
    }
  })

  response.redirect(loginUrl)
})

Can you please implement Twitter Auth?

💥 Regression Report

I have a web application where I am using LinkedIn OAuth where I used version 3.3.0 of this plugin. All worked fine.

Once I have upgraded fastify from version 2.14.1 to 3.1.1 and this plugin to 3.4.0, I started getting Response Error: 400 Bad Request. I have not tested other providers besides LinkedIn, so I don't know if this issue is specific to LinkedIn or not.

From the little debugging I did, I know for sure that the error is thrown from inside the plugin, not my code. If I downgrade back to 3.3.0 and keep fastify on 3.1.1, everything works fine.

I don't have time at the moment, but I can setup a test repository and debug the issue later this month if it does not get resolved by then. For now I will keep my code base on 3.3.0.

Last working version

Worked up to version: 3.3.0
Stopped working in version: 3.4.0

To Reproduce

1. Install [email protected].
2. Install [email protected]
3. Configure LinkedIn OAuth.

Expected behavior

Everything works just like it did with v3.3.0

Your Environment

• node version: 12
• fastify version: 3.1.1
• os: Windows