How to return a profile to callback
How would I return a profile object to an OAuth2Strategy callback?
```js
const strategy = new OAuth2Strategy(
  {
    state: true,
    authorizationURL: `${process.env.MOCK_AUTH_SERVER_URL}/authorize`,
    tokenURL: `${process.env.MOCK_AUTH_SERVER_URL}/token`,
    clientID: "xxx",
    clientSecret: "xxx",
    callbackURL: `${process.env.SERVER_URL}/callback`,
    passReqToCallback: true,
  },
  async (accessToken, refreshToken, profile, done) => {
    console.log("profile = ", profile);
    if (profile) {
      return done(null, profile);
    }
  }
);
```
I tried updating the tokenEndpointResponse in the beforeResponse emitter but that didn't work.
```js
let server = new OAuth2Server();
await server.issuer.keys.generate("RS256");
await server.start(3003, "localhost");
server.service.once("beforeResponse", (tokenEndpointResponse, req) => {
  tokenEndpointResponse.profile = {
    ...tokenEndpointResponse.body,
    id: tokenEndpointResponse.body.id_token,
  };
});
```
Does anyone have any idea how I might be able to send back profile, accessToken and a refreshToken? Currently I get back a hash string from profile. Example: 0edd82bc-a48c-4a59-8bd6-e79cccc8b2d8
:wave: @eric-personal Hey! Sorry for the delay. It seems I missed the notification on this issue.
I'm a little lost here. Could you explain what you're trying to achieve? What's the overall context? What's an OAuth2Strategy?
Maybe an end to end repro case putting under the light what doesn't work and pointing out what you're trying to do would also help us get quicker up to speed.
Thanks @nulltoken OAuth2Strategy is passport. http://www.passportjs.org/packages/passport-oauth2/ I'll try to put something together in the next few days as the project I'm using your mock server on is pretty large.
Basically what I'm trying to test is similar to when someone uses OAuth2 for a login flow. I'd like to fake the profile data which you usually get when using a login like Google OAuth. Usually during the login flow you can do an extra call to get the user's profile data like email and user id.
```js
router.get(
  "/auth/login",
  passport.authenticate("oauth2", { scope: ["profile"] })
);

strategy.userProfile = function (accessToken, done) {
  // do call to get user profile scope
  // return profile data like id or email
};
```
I'd like to bypass this and send back that data via your mocks. I thought I might be able to add that mock profile data to one of your event calls before it reaches the callback in an OAuth2 flow. That's why I gave the "beforeResponse" event example in my first post.
@eric-personal I don't know whether you want to return profile info right away for convenience, but classically you would make a request to another endpoint in the resource server using the access_token provided in the auth grant flow. In that sense, I think you're better off augmenting the response body during the beforeUserInfo callback.
@poveden Thoughts?
OAuth 2 won't return profile info as part of the access token response. Passport will fetch the profile on its own after obtaining the token, but only for provider-specific (e.g. Facebook, Twitter) strategies. The generic OAuth2Strategy will actually return an empty object:
```js
OAuth2Strategy.prototype.userProfile = function(accessToken, done) {
  return done(null, {});
};
```
Probably your best approach would be to extend OAuth2Strategy so it fetches the profile from the right place.
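One way to follow the suggestion above, as an added example that is not code from this thread, from Passport or from oauth2-mock-server: a `userProfile` replacement that calls the mock server's `/userinfo` endpoint with the bearer token and maps the returned claims to a Passport-style profile. The helper names `toProfile` and `makeUserProfile`, the `mock-oauth2` provider label and the sample claims are assumptions made for illustration.

```javascript
// Added example. toProfile and makeUserProfile are hypothetical helper names.

// Map an OIDC-style userinfo document to the profile shape Passport strategies return.
function toProfile(claims) {
  // Refuse a response without a subject rather than logging in an anonymous user.
  if (!claims || typeof claims.sub !== "string" || claims.sub === "") {
    throw new Error("userinfo response has no 'sub' claim");
  }
  return {
    provider: "mock-oauth2", // constructed label
    id: claims.sub,
    displayName: claims.name,
    emails: claims.email ? [{ value: claims.email }] : [],
    _json: claims,
  };
}

// Build a userProfile(accessToken, done) replacement for an OAuth2Strategy.
// fetchImpl defaults to the global fetch (Node 18+) and is injectable for tests.
function makeUserProfile(userinfoURL, fetchImpl = fetch) {
  return function userProfile(accessToken, done) {
    fetchImpl(userinfoURL, { headers: { Authorization: `Bearer ${accessToken}` } })
      .then(async (res) => {
        if (!res.ok) throw new Error(`userinfo request failed: ${res.status}`);
        return toProfile(await res.json());
      })
      .then((profile) => done(null, profile), (err) => done(err));
  };
}

// Wiring on the application side (strategy from the first post):
//   strategy.userProfile = makeUserProfile(
//     `${process.env.MOCK_AUTH_SERVER_URL}/userinfo`);
// With passReqToCallback: true, passport-oauth2 calls the verify callback as
//   (req, accessToken, refreshToken, profile, done).
//
// Wiring on the mock side (oauth2-mock-server, constructed claims):
//   server.service.on("beforeUserinfo", (userInfoResponse, req) => {
//     userInfoResponse.body = { sub: "user-1", email: "user@example.test" };
//   });
```

Because the profile now comes from the userinfo response, the test can assert on `profile.id` and `profile.emails` in the verify callback instead of on the token response.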
@eric-personal Closing as it looks out of the scope of this library.