Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

'access_token' not present in the passport-github2 request #68

Open
razik29 opened this issue Aug 22, 2017 · 3 comments
Open

'access_token' not present in the passport-github2 request #68

razik29 opened this issue Aug 22, 2017 · 3 comments

Comments

@razik29
Copy link

razik29 commented Aug 22, 2017

I have registered an OAuth App via my Github account. I am basically trying to authorize my node requests(by sending access_token as part of request cookies) so I can access few APIs on another server. Hence I am using the github-passport2 package. I have setup the github strategy etc. & it seems to be all according to the doc. The flow works well too.

My Issue

After logging into Github(authorized) & getting redirected back to my /auth/github/callback, I ideally should be authorized and should have an access_token in the req. But I don't have it! Because of this I am not able to authorize my future requests with an access_token.

Important to note is that, this access_token is automatically attached when the request is initiated from a browser/client(using withCredentials: true parameter). The same access_token via node doesn't seem to be retrievable.

passport.use(new GitHubStrategy({
    clientID: GITHUB_CLIENT_ID,
    clientSecret: GITHUB_CLIENT_SECRET,
    callbackURL: "http://localhost:8080/auth/github/callback",
  },
  function(accessToken, refreshToken, profile, done) {
    // asynchronous verification, for effect...
    process.nextTick(function () {
      return done(null, profile);
    });
  }
));

app.get('/auth/github', passport.authenticate('github', { scope: [ 'user:email' ] }), function(req, res){
  // The request will be redirected to GitHub for authentication, so this
  // function will not be called.
});

app.get('/auth/github/callback', passport.authenticate('github', { failureRedirect: '/login' }), function(req, res) {
  console.log(req); // <- This ideally should have the access_token? but doesn't
});

Any help is much appreciated
@jeffwilcox
Copy link

Hey @razik29,
Do you consistently not have the token, or is there an error elsewhere in the pipeline? We regularly (~5% of requests to auth) get a "The code passed is incorrect or expired." from GitHub, and per their documentation, have had to modify the library to actually redirect back to the auth page and try again to get around the issue.

I also have telemetry in the library to identify when the request for some odd reason does not have an access token, and this is about 2% of our requests... https://github.com/Microsoft/opensource-portal/blob/develop/thirdparty/passport-github/lib/strategy.js#L93

:/

@razik29
Copy link
Author

razik29 commented Aug 29, 2017

Hi @jeffwilcox

Yes, I have this issue consistently. Now I am trying to explicitly make a call to the https://github.com/login/oauth/access_token within the auth/github/callback using the code in the req to get the access_token.

Doing the above gets me an access_token but this not a JWT as I need to pass a JWT to the next api I am trying to authenticate.

Please do help if you have idea regarding this ?

@angeliski
Copy link

Hi @razik29 Do you resolve your problem?
You can use that repository: https://github.com/cfsghost/passport-github
The V3 is current working, you can see a code in that:
https://github.com/frontendbr/eventos-api/blob/master/src/middleware/passport-middleware/index.js

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jeffwilcox @angeliski @razik29