0

I used passportjs and passport-github to create a social login in my application,

passport.use(new GithubStrategy(
  {
    clientID     : configAuth.githubAuth.clientID,
    clientSecret : configAuth.githubAuth.clientSecret,
    callbackURL  : configAuth.githubAuth.callbackURL
  },
  function(token, refreshToken, profile, done) {
    process.nextTick(function() {
      User.findOne({'github.id' : profile.id}, function(err, user) {
        if (err) {
          return done(err);
        }
        if (user) {
          return done(null, user);
        } else {
          var newUser = new User();
          newUser.github.id = profile.id,
          newUser.token     = token,
          newUser.name      = profile.displayName;
          newUser.email     = profile.emails[0].value;
          newUser.username  = profile.username;
          // save
          newUser.save(function(err){
            if (err) {
              throw err;
            }

            return done(null, newUser);
          });
        }
      });
    });
  }
));

Now I am using another component called octonode, which requires a access_token to authenticate its user, was the token in the callback the same as this access_token, because I do not seem like authenticated when doing this:

var github = require('octonode');

exports.read = function (req, res, next) {

  var client = github.client();
  client.get('/user?access_token=' + req.user.token, {}, function (err, status, body, headers) {
    res.json(body);
  });
};

And also tried doing this:

var client = github.client(req.user.token);
client.get('/user',{}, function...)

I get a blank screen, meaning no response.

Improve this question
9
  • And you've verified that req.user.token is actually returning the token value? Commented Sep 4, 2014 at 1:56
  • yes, it is actually returning a value, some jibberish hash. Commented Sep 4, 2014 at 2:04
  • I guess, the req.user.token is different from the token returned by github. Commented Sep 4, 2014 at 2:11
  • Can you verify this? I've taken a different approach in how I store/access the token, but the token you are saving looks to be correct. Commented Sep 4, 2014 at 2:20
  • 1
    In fact, I usually update most properties, to get any updates the user has made as well. Commented Sep 4, 2014 at 2:27

1 Answer 1

Reset to default
4

Alright, as one answer in SO states that:

Note that Passport does not actively use the access token or refresh token, other than to fetch the user profile during login. You're application is responsible for using these tokens when making whatever API requests are necessary. As such, you can implement either method you describe, Passport is not involved in the process.

The access_tokens are returned to you, but it does not handle it after, you are the one responsible to save it or to do whatever you want.

My code is basically inspired by a tutorial in Scotch.io's facebook auth using passport. There they do not update the token every login, because they need not in their tutorial, but they do save it in the database, check their source code

With few a few comments, and debugging, I found that that is the culprit in my application, so I need to update the condition that states if a user is found, update the token, and some values so some important info will persists on login.

if (user) {
   user.token = token;
   user.name  = profile.displayName;
   user.email = profile.emails[0].value;
   user.save();
   return done(null, user);
}

And now this will work out just fine:

var client = github.client(req.user.token);
client.get('/user', {}, function (err, status, body, headers) {
    res.json(body);
});

Thanks to @MikeSmithDev for helping me out.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.