search

superfaceai / passport-twitter-oauth2

Twitter OAuth 2.0 Strategy for Passport for accessing Twitter API v2
MIT License
28 stars 9 forks source link

Refresh token is missing #4

Closed AlessandroVol23 closed 2 years ago

AlessandroVol23 commented 2 years ago

HI 👋🏽

thanks for your library. I have an issue that I don't get a refresh token. I set the scope to "offline.access" and I get the refresh token when I make the call manually with a fetch. Not sure what the issue is. Here is my code:

Strategy

passport.use(
    new TwitterStrategy(
      {
        clientID: clientId,
        clientSecret:clientSecret,
        callbackURL: callbackUrl,
        scope: ["follows.read", "tweet.read", "users.read", "offline.access"],
        clientType: "private",
      },
      async (accessToken, refreshToken, profile, done) => {
        return done(null, profile, accessToken, refreshToken);
      }
    )
  );

Init Auth

  router
    .route("/twitter")
    .get(
      passport.authenticate("twitter", {
        scope: [
          "follows.read",
          "tweet.read",
          "users.read",
          "offline.access"
        ],
        callbackURL: callbackUrl,
      })
    );

Callback

 router.route("/callback/twitter").get((req, res, next) => {
    passport.authenticate(
      "twitter",
      async (err, profile, accessToken, refreshToken) => {
        try {
          console.log("Access token: ", accessToken);
          console.log("refreshToken: ", refreshToken);

          res.redirect("/");
        } catch (error) {
          console.log("ee", error);
          res.redirect("/");
        }
      }
    )(req, res, next);
  });
janhalama commented 2 years ago

Hi Alessandro, we have working demo app here: https://github.com/superfaceai/twitter-demo which works well and refresh token is returned by the strategy.

I checked your code and done callback of the strategy should take only error or profile argument. I suggest to handle access and refresh tokens in strategy verify callback.

Jan

jnv commented 2 years ago

I will just point out that our token handling is done here: https://github.com/superfaceai/twitter-demo/blob/main/get-tokens.js#L48

We have also another demo with database persistence: https://github.com/superfaceai/social-media-demo/blob/main/src/auth/twitter/auth.js

AlessandroVol23 commented 2 years ago

Thanks for answers I will check that 🙂👍🏽

janhalama commented 2 years ago

@AlessandroVol23 can we close this issue? Did you manage to get refresh token?

AlessandroVol23 commented 2 years ago

Sorry about that! Yes it worked 🙂