Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Enhancement] Return access_token with user profile at end of OAuth flow #37

Closed
wants to merge 1 commit into from
Closed

[Enhancement] Return access_token with user profile at end of OAuth flow #37

wants to merge 1 commit into from

Conversation

benbarbersmith
Copy link

Summary

This enhancement returns the user's access_token with user profile at end of the OAuth flow. I needed this in the process of migrating from Sapper and Passport to Svelte-kit and sk-auth in order to facilitate additional API calls after OAuth.

Context

Projects using OAuth often do so in order to acquire suitable access_tokens with specifically requested scopes.

For example, a project might use Google OAuth with the scopes https://www.googleapis.com/auth/youtube.upload and https://www.googleapis.com/auth/youtube in order to use the YouTube Data API on behalf of a user to check private information and upload videos.

sk-auth does not currently expose the user's access_token to Svelte-kit at the end of the OAuth flow.

Solution

This pull request makes it super easy to get the user's access_token by adding it to the profile object returned by getUserProfile.

@Dan6erbond
Copy link
Owner

Dan6erbond commented Jun 3, 2021
edited
Loading

Hi there, thanks for creating this pull request! This is actually done by design, in order to reduce clutter in the returned profile and enable proper typing.

SvelteKitAuth tokens differently. If you need access to the tokens returned by the initial getTokens() method, then you can make use of the profile() callback within the OAuth2Provider:

export interface OAuth2Tokens {
  access_token: string;
  token_type: string;
}

export type ProfileCallback<ProfileType = any, TokensType = any, ReturnType = any> = (
  profile: ProfileType,
  tokens: TokensType,
) => ReturnType | Promise<ReturnType>;

export interface OAuth2BaseProviderConfig<ProfileType = any, TokensType = any>
  extends ProviderConfig {
  profile?: ProfileCallback<ProfileType, TokensType>;
}

The callback receives the profile and tokens, and must return the profile which is then stored in the JWT.

The demo app actually does this to transform profiles and add provider information:

new GoogleOAuth2Provider({
  clientId: import.meta.env.VITE_GOOGLE_OAUTH_CLIENT_ID,
  clientSecret: import.meta.env.VITE_GOOGLE_OAUTH_CLIENT_SECRET,
  profile(profile) {
    return { ...profile, provider: "google" };
  },
}),

The callback can also be asynchronous, so if you want to include those in the actual profile or use them to make additional requests, you would do that in profile() which is similar to how NextAuth.js handles the OAuth flow.

@Dan6erbond Dan6erbond closed this Jun 3, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@benbarbersmith @Dan6erbond