
Override handleOAuthAccessTokenResponse to parse Slack's OAuth2 v2 token response

Open jonstorer opened this issue 1 year ago • 0 comments

Please see https://github.com/jaredhanson/passport-oauth2/pull/174 AND https://github.com/nmaves/passport-slack-oauth2/issues/9

Slack's OAuth2 v2 implementation overloads the OAuthTokenResponse JSON payload to return multiple tokens. The root of the JSON object is for bot tokens, and user tokens exist in a property called authed_user.

Passport is designed to authenticate Users. When passport attempts to use the root-level accessToken, it either does not exist (no bot scopes provided in the authorization request) or is a bot token.

This change leverages a new hook in the passport-oauth2 library to reformat the OAuthTokenResponse payload to set the correct accessToken, refreshToken, and params for the following scenarios:

  • user
  • user and bot
  • bot

The profileUrl is no longer defaulted during configuration. When the profile is not being skipped and a custom profileUrl was not provided, the profileUrl is set during handleOAuthAccessTokenResponse depending on which token is the root of the params object.


If this is merged, the README should be updated to emphasize the verify callback that accepts the params object from the OAuthTokenResponse request.

The params object will be reformatted to:

user_scope - user only

{
  id: 'user-id',
  scope: 'user-scope-1,user-scope-2',
  token_type: 'user',
  access_token: 'user-access-token',
  refresh_token: undefined,
  authed_user: {
    id: 'user-id',
    scope: 'user-scope-1,user-scope-2',
    access_token: 'user-access-token',
    token_type: 'user'
  },
  authed_bot: {}
}

scope - bot only

{
  id: 'bot-user-id',
  scope: 'bot-scope-1,bot-scope-2',
  token_type: 'bot',
  access_token: 'bot-token',
  refresh_token: undefined,
  authed_user: { id: 'user-id' },
  authed_bot: {
    id: 'bot-user-id',
    scope: 'bot-scope-1,bot-scope-2',
    token_type: 'bot',
    access_token: 'bot-token',
    refresh_token: undefined
  }
}

scope & user_scope - bot & user

{
  id: 'user-id',
  scope: 'user-scope-1,user-scope-2',
  token_type: 'user',
  access_token: 'user-access-token',
  refresh_token: undefined,
  authed_user: {
    id: 'user-id',
    scope: 'user-scope-1,user-scope-2',
    access_token: 'user-access-token',
    token_type: 'user'
  },
  authed_bot: {
    id: 'bot-user-id',
    scope: 'bot-scope-1,bot-scope-2',
    token_type: 'bot',
    access_token: 'bot-token',
    refresh_token: undefined
  }
}

jonstorer, May 11 '23 20:05