What is the reason you decided to create a new _oauth2 object rather than just getting the one from the provided strategy?

refreshOAuth2: new OAuth2 rather than refreshOAuth2: strategy._oauth2

I had to create a custom OAuth2 because MS has to do things their own way and can't use your module out of the box because of that. Am I missing something? Is there value in it being a new instance?

I don't use passport.js any more, and so I'm not the best person to be maintaining this repository. If anyone is interested in taking this on, please let me know and I'd be happy to transfer ownership.

Hi, I just wondered, does it work if my app has multiple OAuth strategies?

refresh.use(GoogleStrategy);
refresh.use(FacebookStrategy);

Thanks !

VisualStudio Online requires a Callback URL be provided as a parameter on the refresh request. The current implementation doesn't allow for that parameter to be added.

Can a mechanism be added to specify extra parameters beyond the coded
var params = { grant_type: 'refresh_token' };

Hi,
I'm using refresh with Google OAuth, how do you handle token timeout ?

• Should I ask for a accessToken refresh every time ?
• Where can I find accessToken timeout (passport only provide accessToken, refreshToken, profile)
• I don't want to wait for an error to perform the refresh
• Should I assume 1 hour ?

Regards

Hi there,

Firstly, many thanks for this library, it looks very useful 🙂

In a client application of this library, I can imagine two ways of knowing when to request a new token:

1. wait for a 401 response, request new token, re-run original request.
2. maintain token expiry time in the local state, and when that time is past, request new token.

With the API that I am using, on refreshing a token, the SSO response includes an expiry time as well as a new token. So I would like to use method 2 (and I suspect many API maintainers would prefer 2 was used as well 😁), but I can't see a way of accessing the result of the SSO response to get at this new expiry time.

Additionally, the SSO API may return a new refresh token as part of a policy of enforcing rotation of refresh tokens, so I need to get at that data as well. In any case, I think having the choice would be nice.

Perhaps I am over looking something! But any thoughts much appreciated, thanks.

#9 Behind Proxy!
Cannot set a proxy agent

I use the same code example as suggested in #1 to request a new access token.

My initial token has access to the following scopes ['profile', 'https://www.googleapis.com/auth/drive']. However, when using the refreshed token, the Google Drive API returns me a File Not Found: . error, which, according to https://developers.google.com/drive/v3/web/handle-errors#404_file_not_found_fileid, seems to be due to the access token not having the right access.

I'm not sure how to create a code that would reproduce this. If you have any suggestion, I could try to put together a gist.

/cc @fiznool

Some strategies overwrite the _oauth2.getOAuthAccessToken function, mostly for the purpose of custom headers (e.g. Reddit and Spotify require HTTP Basic Auth headers with the Refresh request). Here's the Reddit strategy (see line 78), and the Spotify strategy.

In this repo, the strategy._oauth.constructor from #3 still inherits the getOAuthAccessToken from the original oauth module, instead of inheriting the Strategy's overwrite. So Reddit isn't receiving the required header and is failing.

Any thoughts on how to get the strategy's version of the function to be inherited and called instead? If I figure it out I'd be happy to submit a PR.

Could this be modified to work with passport-azure-ad OIDC strategy? - i get the following error when using refresh.use(OIDC_Strategy) "Cannot register: not an OAuth2 strategy"

var newAccessToken;
refresh.requestNewAccessToken('google', refreshToken, (err, accessToken) => {

                        if (err || !accessToken) {
                            console.log("we got error ", err);
                        } else {
                            console.log("got new token", accessToken);
                            newAccessToken = accessToken;
                        }
                        
                    });
 console.log(newAccessToken) // return undefined 

can you help me to pass access to req or outside the refresh function ?

Could this be modified to be used with passport-openidconnect?

I'm using passport to oAuth with google. In my callback after the user has logged in, although the parameters are: (accessToken, refreshToken, profile, done), the refreshToken is undefined while every other parameter is what it should be. Am I using the library incorrectly? Why I am not receiving a refresh token from google?

I am using the below library to define my google strategy:

'require('passport-google-oauth').OAuth2Strategy'

Because of the new refreshOAuth2: new OAuth2(...) , agentUrl isn't transferred and the Proxy setup in the strategy might be lost. Maybe you could include in the README about externally setting the AgentUrl as:

'''
oauth2strategy._oauth2.setAgent(new HttpsProxyAgent(uaaConfig.agentUrl);
'''

or accomodate it in the new OAuth2() part.

Github Refresh Token - Undefined - using passport-github2

As commented in this "GitHub OAuth Busy Developer's Guide"

Tokens don't have to expire.

You can check an OAuth application authorization, delete it or revoke it.
But the token itself doesn't seem to be bound to an expiry date.

badsyntax adds in the comments:

I also found this useful:

"An OAuth token does not expire until the person who authorized the OAuth App revokes the token."
From "Migrating OAuth Apps to GitHub Apps".

Hello! Does anyone know how to use this package with Nest JS and is this possible?