jaredhanson / passport-github

GitHub authentication strategy for Passport and Node.js.
https://www.passportjs.org/packages/passport-github/?utm_source=github&utm_medium=referral&utm_campaign=passport-github&utm_content=about
MIT License

'access_token' not present in the passport-github2 request #68

Open razik29 opened 7 years ago

razik29 commented 7 years ago

I have registered an OAuth App via my GitHub account. I am basically trying to authorize my node requests (by sending access_token as part of request cookies) so I can access a few APIs on another server. Hence I am using the github-passport2 package. I have set up the GitHub strategy etc. & it seems to be all according to the doc. The flow works well too.

My Issue

After logging into GitHub (authorized) & getting redirected back to my /auth/github/callback, I ideally should be authorized and should have an access_token in the req. But I don't have it! Because of this I am not able to authorize my future requests with an access_token.

It is important to note that this access_token is automatically attached when the request is initiated from a browser/client (using the withCredentials: true parameter). The same access_token doesn't seem to be retrievable via node.

passport.use(new GitHubStrategy({
    clientID: GITHUB_CLIENT_ID,
    clientSecret: GITHUB_CLIENT_SECRET,
    callbackURL: "http://localhost:8080/auth/github/callback",
  },
  function(accessToken, refreshToken, profile, done) {
    // asynchronous verification, for effect...
    process.nextTick(function () {
      return done(null, profile);
    });
  }
));

app.get('/auth/github', passport.authenticate('github', { scope: [ 'user:email' ] }), function(req, res){
  // The request will be redirected to GitHub for authentication, so this
  // function will not be called.
});

app.get('/auth/github/callback', passport.authenticate('github', { failureRedirect: '/login' }), function(req, res) {
  console.log(req); // <- This ideally should have the access_token? but doesn't
});

Any help is much appreciated

jeffwilcox commented 7 years ago

Hey @razik29, do you consistently not have the token, or is there an error elsewhere in the pipeline? We regularly (~5% of requests to auth) get a "The code passed is incorrect or expired." from GitHub, and per their documentation, have had to modify the library to actually redirect back to the auth page and try again to get around the issue.

I also have telemetry in the library to identify when the request for some odd reason does not have an access token, and this is about 2% of our requests... https://github.com/Microsoft/opensource-portal/blob/develop/thirdparty/passport-github/lib/strategy.js#L93

:/

razik29 commented 7 years ago

Hi @jeffwilcox

Yes, I have this issue consistently. Now I am trying to explicitly make a call to the https://github.com/login/oauth/access_token within the auth/github/callback using the code in the req to get the access_token.

Doing the above gets me an access_token, but this is not a JWT, as I need to pass a JWT to the next API I am trying to authenticate.

Please do help if you have any idea regarding this.

angeliski commented 7 years ago

Hi @razik29, did you resolve your problem? You can use this repository: https://github.com/cfsghost/passport-github The V3 is currently working; you can see the code here: https://github.com/frontendbr/eventos-api/blob/master/src/middleware/passport-middleware/index.js
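
An added example, not code from this thread or from the passport-github2 project: the verify callback in the question receives `accessToken` but passes only `profile` to `done()`, so the token never reaches `req.user`. The sketch below carries the token on the user object, fails the login when no token was returned (the case mentioned in the second comment), logs only a redacted form instead of dumping `req`, and shows a structural check that tells an opaque GitHub OAuth token from a JWT. The names `verify`, `looksLikeJwt`, `redact` and `onCallback` are hypothetical, and the sample values in the comments are constructed.

```javascript
'use strict';
// Assumed wiring, matching the question's setup:
//   passport.use(new GitHubStrategy({ clientID, clientSecret, callbackURL }, verify));
//   app.get('/auth/github/callback',
//           passport.authenticate('github', { failureRedirect: '/login' }), onCallback);

// Passport places whatever is passed to done() on req.user, so the token
// has to travel on that object or it is gone once this function returns.
function verify(accessToken, refreshToken, profile, done) {
  if (typeof accessToken !== 'string' || accessToken.length === 0) {
    // Token exchange returned nothing (for example an expired code): fail the login.
    return done(null, false, { message: 'no access token from provider' });
  }
  return done(null, { id: profile.id, username: profile.username, accessToken });
}

// True only for a compact JWT: three base64url parts whose header is JSON with "alg".
function looksLikeJwt(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3 || !parts.every((p) => /^[A-Za-z0-9_-]+$/.test(p))) return false;
  try {
    // Node's 'base64' decoder also accepts the URL-safe alphabet.
    const header = JSON.parse(Buffer.from(parts[0], 'base64').toString('utf8'));
    return header !== null && typeof header === 'object' && typeof header.alg === 'string';
  } catch (err) {
    return false;
  }
}

// Log-safe view of a token: a short prefix and the length, never the full value.
function redact(token) {
  return token ? token.slice(0, 4) + '...(' + token.length + ' chars)' : '(none)';
}

// Callback route handler: read the token from req.user instead of logging req.
function onCallback(req, res) {
  const token = req.user && req.user.accessToken;
  console.log('github login ok, token=%s jwt=%s', redact(token), looksLikeJwt(token));
  res.redirect('/');
}
```

GitHub OAuth access tokens are opaque strings, so `looksLikeJwt` returns false for them; a downstream API that requires a JWT needs a token issued by that API's own issuer, which this example does not cover.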