Skip to content

Implement user-specific OAuth client instances #85

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 5 commits into from
Closed

Implement user-specific OAuth client instances #85

Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
f165108
Implement user-specific OAuth client instances
ojmarte Dec 28, 2023
5905efe
draft implementation
ojmarte Dec 28, 2023
8f9bbcc
change names of example
ojmarte Dec 28, 2023
75fcf8d
some configuraiton to set up the implementation
ojmarte Dec 30, 2023
cf58d7e
add a generate Random string to facing state
ojmarte Dec 30, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
96 changes: 96 additions & 0 deletions examples/oauth2-user-specific-flow.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,96 @@
// Copyright 2021 Twitter, Inc.
// SPDX-License-Identifier: Apache-2.0

import { Client, auth } from "twitter-api-sdk";
import express from "express";
import session from "express-session";
import dotenv from "dotenv";
import crypto from 'crypto';

dotenv.config();

const app = express();

app.use(session({
secret: "secret-key",
resave: false,
saveUninitialized: true,
cookie: {
secure: false,
httpOnly: true
}
}));

const authClient = new auth.OAuth2User({
client_id: process.env.CLIENT_ID as string,
client_secret: process.env.CLIENT_SECRET as string,
callback: "http://127.0.0.1:3000/callback",
scopes: ["tweet.read", "users.read", "offline.access"],
});

const client = new Client(authClient);

function generateRandomString() {
return crypto.randomBytes(16).toString('hex');
}

app.get("/callback", async function (req, res) {
try {
const { code, state } = req.query;
if (state !== req.session.state) {
return res.status(400).send("Invalid state parameter");
}

await authClient.requestAccessToken(code as string);
req.session.oauthTokens = {
access_token: authClient.credentials.access_token,
refresh_token: authClient.credentials.refresh_token
};

res.redirect("/tweets");
} catch (error) {
console.error(error);
}
});

app.get("/login", async function (req, res) {
const state = generateRandomString();
req.session.state = state;

const authUrl = authClient.generateAuthURL({
state: state,
code_challenge_method: "s256",
});

res.redirect(authUrl);
});

app.get("/tweets", async function (req, res) {
try {
if (!req.session.oauthTokens) {
return res.status(401).send("Not authenticated");
}

const userClient = new Client({
bearer_token: req.session.oauthTokens.access_token
})

const tweets = await userClient.tweets.findTweetById("20");
res.send(tweets);
} catch (error) {
console.log("tweets error", error);
}
});

app.get("/revoke", async function (req, res) {
try {
const response = await authClient.revokeAccessToken();
res.send(response);
} catch (error) {
console.log(error);
}
});

app.listen(3000, () => {
console.log(`Go here to login: http://127.0.0.1:3000/login`);
});