oauth2orize.exchange.code with custom params

[lhernandez772]

trafficstars

Hi, is there any way to add custom parameters in oauth2orize.exchange.code ?

eg something like:

oauth.exchange.code(function(client, code, customparam1,customparam2,redirectURI, done)

[jaredhanson]

Can you please describe a use case in terms of the OAuth 2.0 protocol?

[eladidan]

+1 for this. Re-visiting this here despite it being an old issue, so as not to duplicate. In terms of adhering to OAuth 2.0 protocol, it seems to me that according to this: https://tools.ietf.org/html/rfc6749#section-5.1 Custom parameters are supported. As in the example response:

HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Cache-Control: no-store
Pragma: no-cache0

{
  "access_token":"2YotnFZFEjr1zCsicMWpAA",
  "token_type":"example",
  "expires_in":3600,
  "refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA",
  "example_parameter":"example_value"
}

My use-case: We are using oauth2 for webhook authorization for 3rd party services. We would like to return the resource_owner_id back to the client since this is an id generate by us and will be used in the webhook data that we send.

[eladidan]

Found the way to do this: Apparently the token exchange callback takes a third argument params that is an object that will be merged with the token and exchange token: https://github.com/jaredhanson/oauth2orize/blob/7003c4791567e10f5e5a2224de543edc2d7e0983/lib/exchange/authorizationCode.js#L80

[racasado]

I believe the answer to this question is a bit further down in the code. The question was not about parameters in the response, it was about parameters in the callback.

https://github.com/jaredhanson/oauth2orize/blob/3cd98f8428316711caad864f9f5f45cef9208477/lib/exchange/authorizationCode.js#L102

You can have 4, 5 o 6 parameters in the callback function, although it looks like it is restricted to req.body, req.authInfo.