discovery.js
'use strict'
// Fastify instance for this example. The logger runs at 'trace', the most verbose level,
// which suits a local demo only.
// NOTE(review): request logs for the callback route can carry the request URL, including
// its `code` and `state` query parameters — confirm, then raise the level and redact
// before running this anywhere other than a developer machine.
const fastify = require('fastify')({ logger: { level: 'trace' } })
// HTTP client used by the callback route to call the userinfo endpoint.
const sget = require('simple-get')
// Cookie attributes shared by the cookie parser (parseOptions) and by the OAuth2 plugin
// (its `cookie` option) further down in this file.
const cookieOpts = {
  // `domain` is left unset, so the cookie stays bound to the host that issued it.
  // domain: 'localhost',
  path: '/',
  // Only sent over secure transport.
  // NOTE(review): the callbackUri in this example is plain http://localhost; browsers differ
  // in whether they accept Secure cookies there — verify with the browser you test in.
  secure: true,
  // 'lax' still sends the cookie on the top-level GET navigation coming back from the
  // provider; 'strict' would withhold it on that cross-site redirect.
  sameSite: 'lax',
  // Not readable from page script.
  httpOnly: true
}
// const oauthPlugin = require('fastify-oauth2')
// Cookie support must be registered before the OAuth2 plugin, which is handed the same
// cookie options below.
// 'my-secret' is a placeholder signing secret for the demo: anything signed with it is only
// as trustworthy as this public string. Outside a demo, load a long random value from the
// environment or a secret store; the array form can hold more than one secret.
const cookiePlugin = require('@fastify/cookie')
fastify.register(cookiePlugin, {
  secret: ['my-secret'],
  parseOptions: cookieOpts
})
const oauthPlugin = require('..')

// Options for the Google OAuth2 / OIDC client. Endpoints are not listed here; they are
// resolved through discovery from the issuer below.
const googleOAuth2Options = {
  // The plugin is exposed under this name (the callback route uses `this.googleOAuth2`).
  name: 'googleOAuth2',
  // When provided, this user agent is also used for the discovery endpoint request.
  // Set it to false to omit it entirely.
  userAgent: 'my custom app (v1.0.0)',
  scope: ['openid', 'profile', 'email'],
  credentials: {
    client: {
      // Taken from the environment so the client secret is not committed with the code.
      id: process.env.CLIENT_ID,
      secret: process.env.CLIENT_SECRET
    }
  },
  startRedirectPath: '/login/google',
  // Plain-HTTP localhost callback, for local development. The value has to match a redirect
  // URI registered with the provider; a deployed app should use an https:// callback.
  callbackUri: 'http://localhost:3000/interaction/callback/google',
  cookie: cookieOpts,
  // `pkce` (e.g. 'S256') is deliberately not set here: discovery is left to handle it.
  discovery: {
    // Everything discovery returns is trusted as the provider's configuration, so keep the
    // issuer on https and pointed at the provider you intend.
    //
    // Issuer forms that work:
    //   provider mounted at root
    //     - without trailing slash: 'https://accounts.google.com' (used here)
    //     - with trailing slash (99% of the cases): 'https://accounts.google.com/'
    //   explicit metadata endpoint
    //     - 'https://accounts.google.com/.well-known/openid-configuration'
    //   provider nested at some route
    //     - with trailing slash: 'https://id.mycustomdomain.com/nested/'
    //     - without trailing slash: 'https://id.mycustomdomain.com/nested'
    issuer: 'https://accounts.google.com'
  }
}

fastify.register(oauthPlugin, googleOAuth2Options)
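// OAuth2 callback route: exchanges the authorization code for tokens, then uses the access
// token to fetch the user's profile from Google's userinfo endpoint and returns that profile.
// The access token itself is only placed in the outgoing Authorization header; it is not
// part of the response sent to the browser.
fastify.get('/interaction/callback/google', function (request, reply) {
  // A regular function (not an arrow) is required: `this` has to be the object that
  // carries the `googleOAuth2` decorator.
  // `reply` is passed as well so that the code verifier cookie can be cleaned before the
  // token is requested from the token endpoint.
  this.googleOAuth2.getAccessTokenFromAuthorizationCodeFlow(request, reply, (tokenErr, result) => {
    if (tokenErr) {
      // NOTE(review): the error is handed to the client as-is; outside a demo, log it
      // server-side and answer with a generic message instead.
      reply.send(tokenErr)
      return
    }

    sget.concat({
      url: 'https://www.googleapis.com/oauth2/v2/userinfo',
      method: 'GET',
      headers: {
        Authorization: `Bearer ${result.token.access_token}`
      },
      json: true
    }, (userinfoErr, userinfoRes, profile) => {
      if (userinfoErr) {
        reply.send(userinfoErr)
        return
      }

      // A rejected call (for example an expired or insufficient token) still arrives here
      // with a JSON body; do not pass that body on as if it were a user profile.
      if (userinfoRes.statusCode !== 200) {
        request.log.warn({ statusCode: userinfoRes.statusCode }, 'userinfo request was not successful')
        reply.code(502).send({ error: 'userinfo request failed' })
        return
      }

      reply.send(profile)
    })
  })
})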
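// Start the server on port 3000. No host is given, so Fastify's default bind address
// applies (documented as localhost) — keep it that way for a demo that uses a placeholder
// cookie secret and trace logging.
fastify.listen({ port: 3000 }, (err) => {
  if (err) {
    // Startup failures (for example the port already being in use) are logged and turned
    // into a non-zero exit instead of being left as an unhandled rejection.
    fastify.log.error(err)
    process.exit(1)
  }
  // Printed only once the server is actually accepting connections.
  fastify.log.info('go to http://localhost:3000/login/google')
})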