Comments (8)
@benrolfe I got mine working; you simply have to generate a refresh token during the exchange and pass the optional refreshToken parameter to the exchange callback. Below is an example of the callback. Hope that helps!
    server.exchange(oauth2orize.exchange.code((client, code, redirectUri, done) => {
      // Check the auth code
      // Destroy auth code
      // Create access token
      // Create refresh token
      ...
      return done(null, token, refreshToken, { expires: 3600 });
      ...
    }));
from oauth2orize.
I would like some information on this as well, the documentation states that refresh token support is bundled yet shows no examples. Thanks in advance!
from oauth2orize.
Are you able to help @jaredhanson?
from oauth2orize.
@jesseg34 Thanks for the tip, that's exactly what I needed.
On a related note, when you exchange a refresh token for a new access token, should I expect to receive a new refresh token?
This is what I get back after the exchange:
access_token: "eyJhbGmtOIEJkIdMtX3L5tsEA.............dTLpGy4n8hefXae5cYoiFvIXg"
expires_in: 3153600000
token_type: "Bearer"
from oauth2orize.
This is more of an implementation decision; however, the short answer is no. Refresh tokens are meant to be long-lived and normally do not expire.
Some more reference:
- https://stackoverflow.com/questions/8953983/do-google-refresh-tokens-expire
- https://alexbilbie.com/guide-to-oauth-2-grants/
from oauth2orize.
Does this logic work with the 'basic' strategy? Or is there a need to define your own custom strategy?
from oauth2orize.
Be aware that, for security reasons, some flows, such as the implicit grant type flow, do not allow refresh tokens: https://tools.ietf.org/html/rfc6749#section-9
from oauth2orize.
@benrolfe I got mine working; you simply have to generate a refresh token during the exchange and pass the optional refreshToken parameter to the exchange callback. Below is an example of the callback. Hope that helps!
    server.exchange(oauth2orize.exchange.code((client, code, redirectUri, done) => {
      // Check the auth code
      // Destroy auth code
      // Create access token
      // Create refresh token
      ...
      return done(null, token, refreshToken, { expires: 3600 });
      ...
    }));
It worked
from oauth2orize.
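The steps discussed in this thread (check the auth code, destroy it, issue an access token and a refresh token, then later trade the refresh token for a new access token), written out as an added example that is not part of the thread or of the oauth2orize project. The in-memory stores and the helper names `sha256`, `newToken` and `issueAccessToken` are assumptions made for illustration; the two callbacks use the signatures oauth2orize passes to its `code` and `refreshToken` exchanges.

```javascript
const crypto = require('crypto');

// In-memory stores for the example; a real server would use a database.
const authCodes = new Map();     // code -> { clientId, redirectUri, userId }
const refreshTokens = new Map(); // sha256(refresh token) -> { clientId, userId }
const accessTokens = new Map();  // sha256(access token) -> { clientId, userId, expiresAt }

const sha256 = (s) => crypto.createHash('sha256').update(s).digest('hex');
const newToken = () => crypto.randomBytes(32).toString('hex');
const ACCESS_TTL = 3600; // seconds

function issueAccessToken(clientId, userId) {
  const token = newToken();
  const expiresAt = Date.now() + ACCESS_TTL * 1000;
  accessTokens.set(sha256(token), { clientId, userId, expiresAt });
  return token;
}

// Same signature as the callback given to oauth2orize.exchange.code().
function exchangeCode(client, code, redirectUri, done) {
  const grant = authCodes.get(code);
  // Destroy the code before anything else so it can never be redeemed twice.
  authCodes.delete(code);
  if (!grant || grant.clientId !== client.id || grant.redirectUri !== redirectUri) {
    return done(null, false); // oauth2orize answers a false token with invalid_grant
  }
  const accessToken = issueAccessToken(client.id, grant.userId);
  const refreshToken = newToken();
  // Only hashes are stored, so a leaked store does not leak usable tokens.
  refreshTokens.set(sha256(refreshToken), { clientId: client.id, userId: grant.userId });
  // expires_in is the RFC 6749 response field for the access token lifetime.
  return done(null, accessToken, refreshToken, { expires_in: ACCESS_TTL });
}

// Same signature as the callback given to oauth2orize.exchange.refreshToken().
function exchangeRefreshToken(client, refreshToken, scope, done) {
  const grant = refreshTokens.get(sha256(refreshToken));
  // A refresh token is only honoured for the client it was issued to.
  if (!grant || grant.clientId !== client.id) return done(null, false);
  // No new refresh token is returned here; the existing one stays valid.
  const accessToken = issueAccessToken(client.id, grant.userId);
  return done(null, accessToken, null, { expires_in: ACCESS_TTL });
}

// Registration with an oauth2orize server:
//   server.exchange(oauth2orize.exchange.code(exchangeCode));
//   server.exchange(oauth2orize.exchange.refreshToken(exchangeRefreshToken));
```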