Passport strategy to authenticate using a previously issued refresh token, and provide new access tokens for Oauth 2.0 flow.
npm install passport-refresh-tokenRefresh token strategy for Passport.
This strategy is used to refresh the Oauth 2.0 access tokens issued by the server.
$ npm install passport-refresh-token
#### Require Strategy
Require the passport-google-authcode Strategy along with passport
``js`
var passport = require('passport');
var RefreshTokenStrategy = require('passport-refresh-token').Strategy;
#### Configure Strategy
The Refresh token strategy authenticates the request using the refresh token.
The strategy requires a verify callback, which accepts thatdone
credential and calls providing a user. Optional info can be passed,req.authInfo
typically including associated scope, which will be set by Passport at to be used by later middleware for authorization and access
control.
`js`
passport.use(new RefreshTokenStrategy(
function(token, done) {
User.findOne({ token: token }, function (err, user) {
if (err) { return done(err); }
if (!user) { return done(null, false); }
return done(null, user, { scope: 'all' });
});
}
));
#### Authenticate Requests
Use passport.authenticate(), specifying the 'refresh_token' strategy, tosession
authenticate requests. Requests containing refresh tokens do not require session
support, so the option can be set to false.
For example, as route middleware in an Express
application:
`js`
app.get('/auth/token/refresh',
passport.authenticate('refresh_token', { session: false }),
function(req, res) {
// generate new tokens for req.user
res.json(tokens);
}
);
The post request to this route should include a JSON object with the key refresh_token` set to the refresh token issued earlier by the server.
- Shobhit Singhal
- Jared Hanson
Copyright (c) 2018 Shobhit Singhal