OAuth 1.0 and 2.0 authentication strategies for Passport.
Passport OAuth provides OAuth 1.0 and OAuth 2.0 authentication strategies for Passport.js. This is a meta-module that combines passport-oauth1 and passport-oauth2 for backwards compatibility with the 0.1.x line of OAuth-based strategies.
npm install passport-oauth
const { OAuthStrategy, OAuth2Strategy, InternalOAuthError } = require('passport-oauth');
Individual imports:
const OAuthStrategy = require('passport-oauth').OAuthStrategy;
const OAuth2Strategy = require('passport-oauth').OAuth2Strategy;
const InternalOAuthError = require('passport-oauth').InternalOAuthError;
const { OAuthStrategy, OAuth2Strategy, InternalOAuthError } = require('passport-oauth');
const passport = require('passport');
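// OAuth 1.0 strategy
// The consumer key and secret are read from the environment so they never
// end up in source control. The variable names are examples only; use the
// names your deployment defines.
// NOTE(review): the OAuth 1.0 flow has to remember the request-token secret
// between the redirect and the callback, so session middleware is expected to
// be in place before this strategy runs. Confirm against the passport-oauth1
// documentation.
passport.use('twitter', new OAuthStrategy({
  requestTokenURL: 'https://api.twitter.com/oauth/request_token',
  accessTokenURL: 'https://api.twitter.com/oauth/access_token',
  userAuthorizationURL: 'https://api.twitter.com/oauth/authorize',
  consumerKey: process.env.TWITTER_CONSUMER_KEY,
  consumerSecret: process.env.TWITTER_CONSUMER_SECRET,
  // Plain http on localhost is for local development; register an https://
  // callback for every deployed environment.
  callbackURL: 'http://localhost:3000/auth/twitter/callback'
}, function(token, tokenSecret, profile, done) {
  // `token` and `tokenSecret` are the user's credentials at the provider:
  // keep them out of logs and store them only if the application needs to
  // call the provider later.
  // Resolve the provider identity to the application's own user record here
  // and hand that record to done(); the example passes the profile through.
  return done(null, profile);
}));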
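// OAuth 2.0 strategy
// Client credentials are read from the environment (example variable names)
// instead of being written into the source file.
passport.use('google', new OAuth2Strategy({
  // Google's authorization endpoint sits under /o/oauth2/. Check both URLs
  // against the provider's current documentation before relying on them.
  authorizationURL: 'https://accounts.google.com/o/oauth2/v2/auth',
  tokenURL: 'https://www.googleapis.com/oauth2/v4/token',
  clientID: process.env.GOOGLE_CLIENT_ID,
  clientSecret: process.env.GOOGLE_CLIENT_SECRET,
  // Plain http on localhost is for local development; register an https://
  // callback for every deployed environment.
  callbackURL: 'http://localhost:3000/auth/google/callback',
  // Binds the callback to the browser session that started the flow, so a
  // forged callback request is rejected (CSRF protection).
  // NOTE(review): the state value is kept in the session, so session
  // middleware is expected to be installed. Confirm for the passport-oauth2
  // version in use. The `pkce` option can be enabled together with `state`.
  state: true
}, function(accessToken, refreshToken, profile, done) {
  // `accessToken` and `refreshToken` grant access to the user's account at
  // the provider: keep them out of logs and persist them only when needed.
  // NOTE(review): the generic strategy is not provider-aware, so `profile`
  // may be empty unless profile loading is implemented. Verify this before
  // treating it as the authenticated user.
  return done(null, profile);
}));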
// Error handling
try {
// OAuth operations
} catch (error) {
if (error instanceof InternalOAuthError) {
console.error('OAuth Error:', error.message);
}
}
Constructor for implementing OAuth 1.0 authentication flows with service providers like Twitter.
/**
* OAuth 1.0 authentication strategy constructor.
* @param {OAuthOptions} options - Endpoint URLs, consumer credentials and callback URL for the OAuth 1.0 flow
* @param {Function} verify - Verification callback; called with (token, tokenSecret, profile, done) and reports its result through done(error, user)
* @constructor
*/
function OAuthStrategy(options, verify);
// Configuration accepted by the OAuth 1.0 strategy constructor.
interface OAuthOptions {
requestTokenURL: string; // URL to obtain request token
accessTokenURL: string; // URL to obtain access token
userAuthorizationURL: string; // URL for user authorization
consumerKey: string; // OAuth consumer key
consumerSecret: string; // OAuth consumer secret; supply it from configuration or a secret store, not as a literal in source
callbackURL: string; // Callback URL after authorization; use https:// outside local development
signatureMethod?: string; // Signature method (default: HMAC-SHA1)
customHeaders?: object; // Custom headers for requests
skipUserProfile?: boolean; // Skip fetching user profile
}
type VerifyCallback = (
token: string,
tokenSecret: string,
profile: object,
done: (error: any, user?: any) => void
) => void;
Constructor for implementing OAuth 2.0 authentication flows with service providers like Google, Facebook, etc.
/**
* OAuth 2.0 authentication strategy constructor.
* @param {OAuth2Options} options - Endpoint URLs, client credentials, callback URL and optional scope/state/PKCE settings for the OAuth 2.0 flow
* @param {Function} verify - Verification callback; called with (accessToken, refreshToken, profile, done) and reports its result through done(error, user)
* @constructor
*/
function OAuth2Strategy(options, verify);
// Configuration accepted by the OAuth 2.0 strategy constructor.
interface OAuth2Options {
authorizationURL: string; // URL for user authorization
tokenURL: string; // URL to obtain access token
clientID: string; // OAuth client ID
clientSecret: string; // OAuth client secret; supply it from configuration or a secret store, not as a literal in source
callbackURL: string; // Callback URL after authorization; use https:// outside local development
scope?: string | string[]; // OAuth scopes; request only what the application needs
scopeSeparator?: string; // Scope separator (default: space)
customHeaders?: object; // Custom headers for requests
skipUserProfile?: boolean; // Skip fetching user profile
// NOTE(review): upstream passport-oauth2 is understood to require `state` when `pkce` is on — confirm for the installed version
pkce?: boolean; // Use PKCE (Proof Key for Code Exchange); ties the authorization code to the client that requested it
state?: boolean; // Include state parameter; lets the callback be matched to the request that started the flow (CSRF protection)
}
type OAuth2VerifyCallback = (
accessToken: string,
refreshToken: string,
profile: object,
done: (error: any, user?: any) => void
) => void;
Error constructor for OAuth-related internal errors.
/**
* Internal OAuth error constructor for handling OAuth-specific errors.
* NOTE(review): upstream passport-oauth1/passport-oauth2 are understood to store
* the wrapped provider error on `oauthError`; confirm which property the
* installed version sets before reading `data`.
* @param {string} message - Error message
* @param {object} data - Additional error data; described on this page as information returned by the OAuth provider
* @constructor
*/
function InternalOAuthError(message, data);
interface InternalOAuthError extends Error {
name: 'InternalOAuthError';
message: string;
data?: object; // Additional error information from OAuth provider
}
This package exists for backwards compatibility with the 0.1.x line of OAuth strategies. For new applications, it is recommended to declare dependencies directly on the specific OAuth version modules:
- passport-oauth1 for OAuth 1.0 implementations
- passport-oauth2 for OAuth 2.0 implementations

The InternalOAuthError constructor is available for handling OAuth-specific errors that may occur during the authentication process. These errors typically contain additional data from the OAuth provider that can help with debugging authentication issues.
const { InternalOAuthError } = require('passport-oauth');
// Report failures that originated in the OAuth exchange itself.
// Provider payloads are diagnostic detail for server-side logs; keep them
// out of responses sent to the end user.
// NOTE(review): upstream passport-oauth1/passport-oauth2 are understood to
// store the wrapped provider error on `oauthError`; confirm which property
// the installed version sets.
if (error instanceof InternalOAuthError) {
  const { message, data } = error;
  console.error('OAuth provider error:', message);
  console.error('Provider data:', data);
}