Open Samir-OP opened 3 years ago
There's already a Refresh Token usage example in the README.md
var DiscordStrategy = require('passport-discord').Strategy
, refresh = require('passport-oauth2-refresh');
var discordStrat = new DiscordStrategy({
clientID: 'id',
clientSecret: 'secret',
callbackURL: 'callbackURL'
},
function(accessToken, refreshToken, profile, cb) {
profile.refreshToken = refreshToken; // store this for later refreshes
User.findOrCreate({ discordId: profile.id }, function(err, user) {
if (err)
return done(err);
return cb(err, user);
});
});
passport.use(discordStrat);
refresh.use(discordStrat);
but what is User
?
but what is
User
?
Take it as a reference to a database called "User", find the user by their ID or create one if it doesn't exist
I'm struggling to understand this as well. I'm new to OAuth. I have added a 'login with discord' button to my express application and want to make sure users don't get logged out randomly. My app only uses Discord for authentication, and there are no plans to use the discord API beyond simply allowing users to log in.
Do I need to use refresh tokens to keep users from being logged out randomly despite their activity? I worry that users can end up having something expire despite having just used my app the previous day, for example.
If so, where do I use the refresh token? README.md has an example of how to use a refresh token, but not when to use one.
Additionally, I'm also confused as to why the example puts refreshToken
into profile
but not into the User
instance on the next line? Does it not need to be persisted with the user's data within the database?
Add example of refresh token in the example folder.