panva / openid-client

OAuth 2 / OpenID Connect Client API for JavaScript Runtimes
MIT License

[Question] Updating Passport user session after calling client.refresh() #200

Closed sawyerh closed 5 years ago

sawyerh commented 5 years ago

Apologies if this is out of scope – feel free to close if so.

I'm using the passport strategy provided by openid-client and am also trying to implement a method to keep the access_token from expiring. My current approach looks something like this:

  1. In the Passport serializeUser function, we serialize the access_token, expires_at, and refresh_token into the session.
    passport.serializeUser((user, done) => {
      return done(null, {
        tokens: {
          access_token: user.tokens.access_token,
          expires_at: user.tokens.expires_at,
          refresh_token: user.tokens.refresh_token
        }
      });
    });
  2. Before expires_at is reached, the client-side calls a /refresh endpoint, which:

    • Calls client.refresh(req.user.tokens.refresh_token)
    • Updates the session:

      app.post('/refresh', async (req, res) => {
        // client.refresh() resolves to a TokenSet; expires_at is absolute epoch seconds
        const tokens = await client.refresh(req.user.tokens.refresh_token);
        req.session.passport.user.tokens.expires_at = tokens.expires_at;
        req.session.passport.user.tokens.access_token = tokens.access_token;

        res.sendStatus(200);
      });

I'm wondering if there is a suggested method or example for this last step, where the updated access_token gets serialized back into the user session? Is what's outlined above what folks typically do, or is there more of a "passport-way" to do this?
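
The flow above, modeled end to end as an added example (this is not code from openid-client, Passport, or the original post). `makeFakeProvider` is a constructed stand-in for the provider's token endpoint and for `client.refresh()`; the `session` object is a constructed stand-in for what express-session hands Passport. Beyond the question's two steps it also covers the two things that usually bite in practice: refreshing a little before `expires_at` rather than at it, and storing the `refresh_token` that comes back (providers that rotate refresh tokens reject the old one on the next call, while providers that omit it expect you to keep the old one), plus dropping the login when the provider answers `invalid_grant`.

```javascript
// Constructed stand-in for the provider's token endpoint / client.refresh().
// A refresh response MAY carry a new refresh_token (rotation); when it does,
// the old one is dead, which the stub models with `rotate`.
function makeFakeProvider({ rotate = true, lifetimeSeconds = 300 } = {}) {
  let counter = 0;
  const live = new Set(['rt-initial']); // refresh tokens the provider still accepts
  return {
    async refresh(refreshToken, now) {
      if (!live.has(refreshToken)) {
        const err = new Error('invalid_grant');
        err.error = 'invalid_grant'; // same field openid-client's OPError carries
        throw err;
      }
      counter += 1;
      // Shape mirrors a TokenSet: expires_at is absolute epoch seconds.
      const tokenSet = { access_token: `at-${counter}`, expires_at: now + lifetimeSeconds };
      if (rotate) {
        live.delete(refreshToken);
        tokenSet.refresh_token = `rt-${counter}`;
        live.add(tokenSet.refresh_token);
      }
      return tokenSet;
    },
  };
}

// What goes into the session: the same three fields as serializeUser above.
function serializeTokens(tokens) {
  return {
    access_token: tokens.access_token,
    expires_at: tokens.expires_at,
    refresh_token: tokens.refresh_token,
  };
}

// Refresh slightly before expiry so a request already in flight is not rejected.
function needsRefresh(sessionUser, now, skewSeconds = 30) {
  return now >= sessionUser.tokens.expires_at - skewSeconds;
}

// Core of a /refresh handler: call the provider, then replace the token fields
// in the session record in one step. Keeps the old refresh_token when the
// response omits one (RFC 6749 allows that) and stores the new one when rotated.
async function refreshSessionTokens(provider, session, now) {
  const current = session.passport.user.tokens;
  try {
    const fresh = await provider.refresh(current.refresh_token, now);
    session.passport.user.tokens = serializeTokens({
      ...fresh,
      refresh_token: fresh.refresh_token ?? current.refresh_token,
    });
    return { ok: true };
  } catch (err) {
    if (err.error === 'invalid_grant') {
      // Refresh token revoked, expired, or reused after rotation: this login can
      // never be renewed, so drop it instead of keeping a zombie session.
      delete session.passport;
      return { ok: false, reason: 'invalid_grant' };
    }
    throw err;
  }
}

// Drives the flow on a constructed session; all times are epoch seconds.
async function runScenario({ rotate }) {
  const provider = makeFakeProvider({ rotate, lifetimeSeconds: 300 });
  const session = {
    passport: {
      user: {
        tokens: serializeTokens({ access_token: 'at-0', expires_at: 1000, refresh_token: 'rt-initial' }),
      },
    },
  };
  const checks = [
    needsRefresh(session.passport.user, 900), // false: 100 s left
    needsRefresh(session.passport.user, 980), // true: inside the 30 s skew
  ];
  const first = await refreshSessionTokens(provider, session, 980);
  const afterFirst = { ...session.passport.user.tokens };
  // Replaying the original refresh token: fails after rotation, still works without it.
  session.passport.user.tokens.refresh_token = 'rt-initial';
  const second = await refreshSessionTokens(provider, session, 990);
  return { checks, first, afterFirst, second, sessionCleared: !('passport' in session) };
}
```

`runScenario({ rotate: true })` shows the rotation case: the first refresh stores `rt-1`, and replaying `rt-initial` gets `invalid_grant` and clears the login; with `rotate: false` the stub returns no `refresh_token`, the session keeps `rt-initial`, and the second refresh succeeds. With the real client the same `refreshSessionTokens` shape applies, with `client.refresh(refreshToken)` in place of the stub and `req.session` as `session`.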

panva commented 5 years ago

Hi @sawyerh,

definitely out of scope and I'm the last person on Earth to give advice on how passport should be used ;)

Maybe more appropriate to ask in passport directly.