
getNewAccessTokenUsingRefreshToken should return OAuth2Token instance but doesn't

Open philippedasilva-orizone opened this issue 2 years ago • 4 comments

Prerequisites

  • [X] I have written a descriptive issue title
  • [X] I have searched existing issues to ensure the bug has not already been reported

Fastify version

3.27.4

Plugin version

4.5.0

Node.js version

16.14.2

Operating system

macOS

Operating system version (i.e. 20.04, 11.3, 10)

12.3.1

Description

While trying to implement the feature that lets me refresh my Google access_token using the previously emitted refresh_token via the getNewAccessTokenUsingRefreshToken() method, I receive an error when I try to send the result back to the client. The error states that we're trying to stringify a circular JSON object, while we expect to have an OAuth2Token instance.

Steps to Reproduce

  • create a simple fastify app
  • add the fastify-oauth2 package
  • setup google oauth credentials (I didn't test but based on the code I suppose it should be reproduced for any oauth option out there)
  • add the following code to a new typescript file under the routes directory:
      fastify.get("/auth/google/refresh", async (request, reply) => {
        const refresh_token = (request.query as { refresh_token: string })
          .refresh_token;
        const response =
          await fastify.googleOAuth2.getNewAccessTokenUsingRefreshToken(
            refresh_token,
            {}
          );
        reply.send(response);
      });
  • perform a simple call using any rest client on the route and note the error on the terminal running the server

Expected Behavior

I expect to receive an OAuth2Token instance (if the refresh token is obviously correct) that would have the following structure:

    export interface OAuth2Token {
      token_type: 'bearer';
      access_token: string;
      refresh_token?: string;
      expires_in: number;
    }

philippedasilva-orizone avatar Apr 13 '22 00:04 philippedasilva-orizone

After some investigation on the code, I believe the issue lies in this line:

    const accessToken = fastify[name].oauth2.accessToken.create({ refresh_token: refreshToken })

[index.js, line 120]

Per the simple-oauth2 package readme file, I would expect to see something more along the lines of:

    async function run() {
      const accessTokenJSONString = await getPersistedAccessTokenJSON();

      let accessToken = client.createToken(JSON.parse(accessTokenJSONString));
    }

    run();

Where client is the result of this call: const client = new ClientCredentials(config);

philippedasilva-orizone avatar Apr 13 '22 00:04 philippedasilva-orizone

Did you inspect the getNewAccessTokenUsingRefreshToken's response? What does it contain?

Eomm avatar Apr 13 '22 16:04 Eomm

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot] avatar Apr 28 '22 23:04 stale[bot]

This still happens. Also, they differ in the return values, like expires_in and expires_at.

getAccessTokenFromAuthorizationCodeFlow

    token: {
      access_token: '****************************************',
      expires_in: 604800,
      refresh_token: '****************************************',
      scope: 'email identify guilds',
      token_type: 'Bearer'
    }

getNewAccessTokenUsingRefreshToken

    token: AccessToken {
      config: { client: [Object], auth: [Object], options: [Object] },
      client: Client { config: [Object], client: [Object] },
      token: {
        access_token: '****************************************',
        expires_in: 604800,
        refresh_token: '****************************************',
        scope: 'guilds email identify',
        token_type: 'Bearer',
        expires_at: 2022-06-11T20:40:49.329Z
      }
    }

fastify 4.0.0rc2, fastify-oauth2 5.0.0

skizer avatar Jun 04 '22 20:06 skizer
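
An added example (not part of the thread and not fastify-oauth2's own code): a helper that accepts either return shape posted above and produces a plain, serializable token containing only allow-listed fields, so the wrapper's `config` and `client` objects are never passed to `reply.send()`. The names `toPlainToken`, `makeWrapperSample` and `canSerialize`, the field allow-list, and the sample object (including its self-reference and the id/secret placeholders) are assumptions constructed from the outputs in this issue.

```javascript
// Added example: names and sample values are constructed, not taken from fastify-oauth2.
const TOKEN_FIELDS = ['token_type', 'access_token', 'refresh_token',
  'expires_in', 'expires_at', 'scope'];

// Accepts either shape posted in this issue: the plain token object, or the
// AccessToken wrapper that nests it under `.token` next to `config`/`client`.
function toPlainToken(result) {
  const nested = result && typeof result.token === 'object' && result.token !== null;
  const raw = nested ? result.token : result;
  if (!raw || typeof raw.access_token !== 'string') {
    throw new TypeError('token response has no access_token');
  }
  const out = {};
  for (const key of TOKEN_FIELDS) {
    if (raw[key] === undefined) continue;
    // expires_at is a Date on the wrapper; make it an explicit ISO string.
    out[key] = raw[key] instanceof Date ? raw[key].toISOString() : raw[key];
  }
  return out;
}

// Constructed stand-in for the wrapper shape shown in the last comment.
// The self-reference is an assumption that mimics the reported circular-JSON error.
function makeWrapperSample() {
  const config = { client: { id: 'example-id', secret: 'example-secret' } };
  const client = { config };
  client.client = client;
  return {
    config,
    client,
    token: {
      access_token: 'constructed-access-token',
      expires_in: 604800,
      refresh_token: 'constructed-refresh-token',
      scope: 'guilds email identify',
      token_type: 'Bearer',
      expires_at: new Date('2022-06-11T20:40:49.329Z'),
    },
  };
}

// True when JSON.stringify succeeds, false when it throws (e.g. circular structure).
function canSerialize(value) {
  try { JSON.stringify(value); return true; } catch (err) { return false; }
}

const wrapper = makeWrapperSample();
console.log(canSerialize(wrapper));
console.log(JSON.stringify(toPlainToken(wrapper)));
```

In the route from the issue, this would be used as `reply.send(toPlainToken(response))`.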